WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin RepairBuddy versions = 4.1121...

CVE-2026-27427 WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SweetDate Core versions 1.1.5...

CVE-2026-39661

CVE-2026-39661 affects the WordPress SW Core plugin (versions ≤ 1.7.18). The issue is a PHP Local File Inclusion due to improper control of the filename used in include/require (the vulnerability aligns with a PHP Remote File Inclusion pattern). The CVSS metrics indicate NETWORK attack vector, HI...

CVE-2026-39661 WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18...

MAL-2026-4782 Malicious code in @catclaw/message-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...

Malicious code in @catclaw/message-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...

WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WpEvently versions = 5.3.3...

CVE-2026-39655 WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

CVE-2026-39655

CVE-2026-39655 applies to WordPress Mayosis Core plugin, affected through version 5.4.7. The issue is described as a Missing Authorization (Broken Access Control) vulnerability in TeconceTheme Mayosis Core, allowing exploitation due to incorrectly configured access control security levels. CVSS v...

WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SW Core versions = 1.7.18...

Exploit for CVE-2026-3296

CVE-2026-3296 CVE-2026-3296 is a CVSS 9.8 Critical unauthentic...

Exploit for CVE-2026-6741

CVE-2026-6741 CVE-2026-6741 is a CVSS 8.8 High Authenticated...

Exploit for CVE-2026-5229

CVE-2026-5229 CVE-2026-5229: Form Notify Auth Bypass via LINE...

Exploit for CVE-2026-6271

CVE-2026-6271 — Career Section WordPress Plugin RCE Scanner...

WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

WordPress Events Schedule - WordPress Events Calendar Plugin plugin = 2.7.2 - SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Events Schedule - WordPress Events Calendar Plugin versions = 2.7.2...

WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Settings Change vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Woocommerce Envato Affiliates versions = 1.2.1...

Exploit for CVE-2026-2942

CVE-2026-2942 ProSolution WP Client — Unauthenticated File U...

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

Exploit for Path Traversal in Grafana

GrafTraverse - CVE-2021-43798 MiNi Exploitation Framework...