225048 matches found
EUVD-2026-31811
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...
CVE-2026-8174 Cross-site Request Forgery
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...
CVE-2026-8174 Cross-site Request Forgery
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...
CVE-2026-8174
The vulnerability is in the Zoho Mail WordPress plugin, affected versions before 1.6.2, and is a Cross-Site Request Forgery (CSRF) issue. The issue is confirmed in multiple sources (CVE entries) and affects the Zoho Mail plugin for WordPress. Root cause and exact vulnerable component are describe...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
CVE-2026-24590
The CVE-2026-24590 entry affects the WordPress plugin “Paid Videochat Turnkey Site” (versions up to and including 7.3.23). Root cause: Missing/incorrect authorization allows Broken Access Control. Impact, per the provided metrics, is low confidentiality impact and no integrity/availability impact...
CVE-2026-24590 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...
CVE-2026-24638 WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...
CVE-2026-24638 WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...
WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin RepairBuddy versions = 4.1121...
CVE-2026-27427 WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...
WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SweetDate Core versions 1.1.5...
CVE-2026-39661
CVE-2026-39661 affects the WordPress SW Core plugin (versions ≤ 1.7.18). The issue is a PHP Local File Inclusion due to improper control of the filename used in include/require (the vulnerability aligns with a PHP Remote File Inclusion pattern). The CVSS metrics indicate NETWORK attack vector, HI...
CVE-2026-39661 WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18...
Malicious code in @catclaw/message-logger-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...
MAL-2026-4782 Malicious code in @catclaw/message-logger-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...
WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability
Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WpEvently versions = 5.3.3...