CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the DecodeImage process. An attacker can access sensitive information from adjacent memory by submitting a specially crafted PCD file. Remediation A fix was pushed into the master branch but not yet published...

CVE-2026-1165

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publishunpublishpopupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

CVE-2026-1165

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publishunpublishpopupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

CVE-2025-2224

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parsequery' function in all versions up to, and including, 8.2. This makes it possible fo...