CVE-2026-28104

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

EUVD-2026-9759

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

CVE-2026-28104

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

CVE-2026-28104 WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

CVE-2026-28104

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

CVE-2026-28104 WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

CVE-2026-28104

CVE-2026-28104 refers to a Missing Authorization vulnerability in the WordPress plugin Site Suggest (Site Suggest, plugin version

WordPress plugin Site Suggest 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-23379

Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...

WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Site Suggest versions = 1.3.9...

CVE-2026-1714

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

CVE-2026-1714

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

EUVD-2022-3129

Malicious code in bioql PyPI...

Malicious code in terminal-suggest (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-41409 Malicious code in terminal-suggest (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in yelp_search_suggest (npm)

The package yelpsearchsuggest was found to contain malicious code...

MAL-2025-40449 Malicious code in yelp_search_suggest (npm)

The package yelpsearchsuggest was found to contain malicious code...

The vulnerability of the XWiki.SearchSuggestSourceClass class in the XWiki platform, a collaborative web application platform. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the XWiki.SearchSuggestSourceClass in the XWiki platform is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

Insecure Deserialization

TYPO3 is vulnerable to Insecure Deserialization. The vulnerability is due to failing to properly validate incoming data in the suggest wizard, which allows an attacker to exploit insecure unserialize operations. A valid backend user account is required to exploit this vulnerability...

PT-2024-24096 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 5.0-rc-1 through 14.10.19 XWiki Platform versions 15.5.3 and earlier XWiki Platform versions prior to 15.9-rc-1 Description: The issue allows any user with edit rights on any page to execute code on the server by addin...