WordPress Responsive Check plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Responsive Check versions = 0.0.3...

WordPress Google+ Link Name plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Google+ Link Name versions = 1.0...

WordPress GNTT Post Title Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin GNTT Post Title Ticker versions = 1.0...

WordPress Cryptocurrency Prijsvergelijking Widget plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Cryptocurrency Prijsvergelijking Widget versions = 1.0...

WordPress Genzel breadcrumbs plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Genzel breadcrumbs versions = 1.2...

WordPress Old Posts Highlighter plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Old Posts Highlighter versions = 1.0.3...

WordPress faq shortocde plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin faq shortocde versions = 1.0...

WordPress ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin plugin <= 3.3.8 - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

All-in-One WooCommerce Growth & Store Enhancement Plugin plugin = 3.3.8 - WooCommerce Builder for Elementor & Gutenberg = 3.3.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ammonia - UC SANTA BARBARA in WordPress Plugin ShopLentor versions = 3.3.8...

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

DEBIAN-CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

UBUNTU-CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

WordPress CM Ad Changer – A simple tool to control and optimize your site's banners plugin <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion vulnerability

Cross-Site Request Forgery to Campaign Deletion vulnerability discovered by jamaal in WordPress Plugin CM Ad Changer versions = 2.0.7...

WordPress Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by NumeX in WordPress Plugin Yoast SEO versions = 26.5...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Animation Addons for Elementor versions = 2.6.3...

CVE-2026-8174

Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.5 - Unauthenticated Denial of Service vulnerability

Unauthenticated Denial of Service vulnerability discovered by luckybuddy in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.5...

WordPress Style Kits for Elementor plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Style Kits versions = 2.5.0...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-48172link is external LiteSpeed cPanel Plugin Privilege Escalation Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

CVE-2026-8174

Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...