225318 matches found
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...
GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller
Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.8...
CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...
CVE-2026-45444
CVE-2026-45444 describes an arbitrary file upload vulnerability in the WordPress plugin Gift Cards For WooCommerce Pro (WP Swings Gift Cards For WooCommerce Pro) up to version 4.2.6. The issue is triggered by uploading a file of an unrestricted/ dangerous type, potentially enabling the attacker t...
CVE-2026-7613
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CLSA-2026-1779296233 sos: Fix of CVE-2022-2806
CVE-2022-2806: ovirt plugin: filter out all password keys in answer files...
CVE-2026-7613
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613
CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...
EUVD-2026-31126
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin HT Contact Form 7 versions = 2.8.2...
WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability
Authenticated Subscriber+ Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions = 1.52.2...
CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...
CVE-2026-24573 WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...
WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.29.0...
CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...
CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...
WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WpBookingly versions = 1.2.9...