CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

CVE-2020-37246 WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

PT-2026-33055

Name of the Vulnerable Software and Affected Versions Product Pricing Table by WooBeWoo versions prior to 1.1.1 Description The Product Pricing Table by WooBeWoo plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing or incorrect nonce validation i...

CVE-2025-12526

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

EUVD-2025-60942

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-12526

CVE-2025-12526 concerns the Private Google Calendars plugin for WordPress. Technical details in connected sources show a missing capability check on the pgc_remove action in versions up to 20250811, enabling authenticated attackers with Subscriber-level access or higher to reset the plugin’s sett...

CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

PT-2025-46275

Name of the Vulnerable Software and Affected Versions Private Google Calendars plugin for WordPress versions prior to 20250811 Description The Private Google Calendars plugin for WordPress is susceptible to unauthorized data modification. This is caused by a missing capability check on the pgc...

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.36, which stems from the fact that the Aggregategroups Acti...

Sticky Keys Persistence Module

This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...