2 matches found
CVE-2026-2696
The CVE-2026-2696 entry concerns the WordPress plugin Export All URLs (versions before 5.1). Affected component: the plugin’s CSV filename generation uses a predictable pattern based on a random 6‑digit number, and exported CSVs are stored in publicly accessible wp-content/uploads. This enables a...
EUVD-2026-8921
Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...