33 matches found

NVD
added 2026/05/27 7:16 a.m. · 19 views

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS · 0.0014 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/03/31 3:45 p.m. · 3 views

CVE-2026-5204

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

9 CVSS · 6.5 AI score · 0.02475 EPSS
Exploits 1 · References 5 · Affected Software 1
CVE
added 2026/03/31 3:45 p.m. · 7 views

CVE-2026-5204

The CVE-2026-5204 entry concerns the Tenda CH22 1.0.0.1 device. Affected is the function formWebTypeLibrary within /goform/webtypelibrary of the Parameter Handler. The input argument webSiteId can be manipulated to trigger a stack-based buffer overflow, exposing the device to remote exploitation....

9 CVSS · 7.8 AI score · 0.02475 EPSS
Exploits 1 · References 5 · Affected Software 1
RedhatCVE
added 2026/03/10 8:9 a.m. · 4 views

CVE-2026-3808

A vulnerability was detected in Tenda FH1202 1.2.0.14408. The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is no...

9 CVSS · 8 AI score · 0.02551 EPSS
Exploits 1 · References 1
Cvelist
added 2026/03/09 7:2 a.m. · 26 views

CVE-2026-3808 Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow

A vulnerability was detected in Tenda FH1202 1.2.0.14408. The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is no...

9 CVSS · 0.02551 EPSS
Exploits 1 · References 5
Positive Technologies
added 2026/02/25 12:0 a.m. · 5 views

PT-2026-21882

Name of the Vulnerable Software and Affected Versions: Tenda F453 version 1.0.0.3 Description: A security issue has been identified in the Tenda F453 router. The issue resides within the formWebTypeLibrary function located in the /goform/webtypelibrary component of the httpd web server. Manipulatio...

9 CVSS · 7.4 AI score · 0.00632 EPSS
Exploits 2 · References 14
RedhatCVE
added 2026/02/15 7:10 a.m. · 6 views

CVE-2026-1944

The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...

5.3 CVSS · 5.3 AI score · 0.00337 EPSS
Exploits 0 · References 1
CVE
added 2026/02/14 6:42 a.m. · 19 views

CVE-2026-1944

CVE-2026-1944 concerns the WordPress plugin CallbackKiller service widget, affected versions up to 1.2. The issue is a missing capability check in the cbk_save() function, enabling unauthenticated attackers to modify the plugin’s site ID settings via the cbk_save_v1 AJAX action. Multiple connecte...

5.3 CVSS · 5.3 AI score · 0.00337 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2026/02/14 6:42 a.m. · 2 views

CVE-2026-1944

The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...

5.3 CVSS · 5.3 AI score · 0.00337 EPSS
Exploits 0 · References 6
Cvelist
added 2026/02/14 6:42 a.m. · 31 views

CVE-2026-1944 CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update

The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...

5.3 CVSS · 0.00337 EPSS
Exploits 0 · References 5
CNNVD
added 2026/02/14 12:0 a.m. · 6 views

WordPress plugin CallbackKiller security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.3 CVSS · 5.7 AI score · 0.00337 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/02/14 12:0 a.m. · 7 views

PT-2026-8084

The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk save function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID...

5.3 CVSS · 5.3 AI score · 0.00337 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/11/25 4:54 a.m. · 9 views

CVE-2025-7402

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5 CVSS · 6.8 AI score · 0.00283 EPSS
Exploits 0 · References 1
NVD
added 2025/11/24 5:16 a.m. · 4 views

CVE-2025-7402

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5 CVSS · 0.00283 EPSS
Exploits 0 · References 2
Cvelist
added 2025/11/24 4:36 a.m. · 9 views

CVE-2025-7402 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5 CVSS · 0.00283 EPSS
Exploits 0 · References 2
EUVD
added 2025/11/24 4:36 a.m. · 3 views

EUVD-2025-198609

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5 CVSS · 6.3 AI score · 0.00283 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/11/24 12:0 a.m. · 6 views

PT-2025-47880

Name of the Vulnerable Software and Affected Versions: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions prior to 4.95 Description: The Ads Pro Plugin for WordPress is susceptible to time-based SQL Injection through the site id parameter. Insufficient input validation and query...

7.5 CVSS · 7.3 AI score · 0.00283 EPSS
Exploits 0 · References 8
The Hacker News
added 2024/07/13 5:51 a.m. · 28 views

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on ...

7 AI score
Exploits 0
Positive Technologies
added 2024/03/19 12:0 a.m. · 3 views

PT-2024-21383 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway. This issue affects the file /vpnweb/index.php?para=index and allows for SQL injection...

9.8 CVSS · 7 AI score · 0.00812 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2024/01/11 12:0 a.m. · 5 views

The vulnerability of the index.php?para=index component of the Application Security Gateway NS-ASG Netentsec allows attackers to execute arbitrary SQL queries.

The vulnerability of the index.php?para=index component of the application security gateway NS-ASG Netentsec is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the...

10 CVSS · 7.7 AI score · 0.00673 EPSS
Exploits 1 · References 4 · Affected Software 1