225304 matches found
CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta
The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...
CVE-2026-48172
The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...
EUVD-2026-31204
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...
WordPress plugin wpb-floating-menu-or-categories 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Avada (Fusion) Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Avada (Fusion) Builder 注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin HAPPY 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin WP Directory Kit SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
PT-2026-42478
Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2026.5 Description The ConnectWise Automate Agent fails to fully verify the authenticity of components obtained during plugin loading and self-update operations. This lack of integrity checks during the...
PT-2026-42533
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process ajax restore action function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access a...
WordPress plugin CF7 WOW Styler 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-42460
Name of the Vulnerable Software and Affected Versions Divi Form Builder versions prior to 5.1.3 Description The Divi Form Builder plugin for WordPress allows unauthenticated attackers to create administrator accounts. This occurs because the plugin accepts a user-controlled role parameter from PO...
Catalyst-Plugin-Authentication 安全漏洞
Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10024 contain security vulnerabilities; these vulnerabilities stem from the use of the Perl built-in eq comparison function, which may lead...
LiteSpeed User-End cPanel Plugin 安全漏洞
The LiteSpeed User-End cPanel Plugin is an integrated management plugin for LiteSpeed server users, developed by LiteSpeed Corporation and designed to work within the cPanel environment. Versions of the LiteSpeed User-End cPanel Plugin prior to version 2.4.5 contained security vulnerabilities...
PT-2026-42391
The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get sponsored meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Broadstreet 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-42551
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...