PT-2026-31095

Name of the Vulnerable Software and Affected Versions DSGVO Google Web Fonts GDPR plugin for WordPress versions up to and including 1.1 Description The DSGVO Google Web Fonts GDPR plugin for WordPress is susceptible to arbitrary file upload due to the absence of file type validation in the...

PT-2026-31198

CVE-2026-39633 Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: f… https://t.co/XKSe5YzvBM...

WordPress plugin RT-Theme 18 Extensions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-31320

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.4.0 Description The install route guard in CI4MS relies on a cache check and the existence of a .env file to prevent access to the setup wizard after installation. If the database is temporarily unreachable when th...

PT-2026-31191

CVE-2026-39626 Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Arm… https://t.co/tFnseFet6N...

PT-2026-31205

CVE-2026-39640 Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3… https://t.co/jZUwbHXIkL...

PT-2026-31316

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0...

PT-2026-31197

CVE-2026-39632 Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through … https://t.co/OW3wZzxUFW...

WordPress plugin Theme Editor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-31272

Name of the Vulnerable Software and Affected Versions RT-Theme 18 | Extensions versions through 2.5 Description A Cross-Site Request Forgery CSRF vulnerability exists in RT-Theme 18 | Extensions. This allows attackers to perform actions on behalf of authenticated users without their knowledge...

WordPress plugin RT-Theme 18 Extensions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-34989

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

📄 WordPress Madera 2.2.2 Local File Inclusion

WordPress Madera plugin versions 2.2.2 and below suffer from a local file inclusion vulnerability. Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Teste...

MyBB 跨站脚本漏洞

MyBB MyBulletinBoard is a free, web-based forum software developed by the MyBB team using PHP and MySQL. This software features simplicity in use, support for multiple languages, and scalability. MyBB has a cross-site scripting vulnerability; this vulnerability arises from improper cleaning of...

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

EUVD-2026-18519

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

CVE-2026-5429

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...

CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...