CVE-2026-39575 WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

CVE-2026-39575 WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

CVE-2026-39575

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

CVE-2026-39575

CVE-2026-39575 affects the WordPress plugin “Custom Query Blocks” (Ronald Huereca) for the post-type-archive-mapping feature, with DOM-based XSS caused by improper neutralization of input during web page generation. Affected versions are

CVE-2026-39496 WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

CVE-2026-39495 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...

CVE-2026-39486

The CVE-2026-39486 entry concerns the WordPress Download Monitor plugin (Download Monitor) with versions &lt;= 5.1.8, where improper neutralization of SQL commands leads to Blind SQL Injection. The Red Hat, NVD, EUVD, CVE List, and vuln enrichment records confirm a vulnerability in this plugin; n...

CVE-2026-39479 WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through = 1.1.20...

CVE-2026-39479

The CVE-2026-39479 entry documents a vulnerability in the WordPress OttoKit SureTriggers plugin (OttoKit) affecting versions up to 1.1.20. The issue is Improper Neutralization of Special Elements used in an SQL Command, i.e., a Blind SQL Injection condition. Reported across multiple sources (NVD,...

CVE-2026-39475

CVE-2026-39475 describes a SQL Injection vulnerability in the WordPress plugin WordPress User Feedback plugin (assumed: “userfeedback-lite” by Syed Balkhi) affecting versions up to and including 1.10.1. The issue is a not-neutralized input scenario allowing Blind SQL Injection. Public sources in ...

CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

CVE-2026-3781 Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter

The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgroff' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

PT-2026-31447

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

PT-2026-31162

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

PT-2026-31412

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

ROS-20260408-73-0022

A vulnerability in the brmulticastqueryexpired function of the net/bridge/brmulticast.c component of the Linux kernel is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

PT-2026-31083

Name of the Vulnerable Software and Affected Versions MATCHA INVOICE versions 2.6.6 and earlier Description A SQL Injection vulnerability exists that may allow a logged-in user to obtain or alter information stored in the database. Recommendations Update to a newer version to address this...

PT-2026-31539

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.8.9, 18.9 through 18.9.5, and 18.10 through 18.10.3 Description The issue involves improper input validation in GraphQL queries, potentially allowing an authenticated user to cause a denial of service to the...

LORIS Neuroimaging Platform SQL注入漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a SQL injection vulnerability. This vulnerability stems from SQL injections in the MRI feedback pop-up window of the imaging browser, which...

WordPress plugin Custom Query Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...