12 matches found
CVE-2026-1261
MetForm Pro
30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin
On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...
CVE-2025-68062
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through = 3.9.6...
CVE-2025-68062
CVE-2025-68062 — WordPress MinimogWP theme <= 3.9.6 suffers an improper filename handling vulnerability allowing PHP Local File Inclusion via Include/Require in the PHP program (PHP Remote File Inclusion). The issue is classified as a high-severity vulnerability (CVSS v3.1 base score 7.5) with...
WordPress plugin MinimogWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2024-21664 · Unknown · Notes Station 3
Name of the Vulnerable Software and Affected Versions: Notes Station 3 versions prior to 3.9.6 Description: A cross-site scripting XSS vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network...
WordPress Plugin MStore API 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress plugin WP Shop 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
GHSA-6PW2-5HJV-9PF7 Sandbox bypass in vm2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...
CVE-2021-29005
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server...
PT-2021-3113 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.17 Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: The issue exists due to insufficient input validation in the virtual learning environment. This allows a remot...
CVE-2007-0818
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396. Reason: This candidate is a duplicate of CVE-2007-0396. Notes: All CVE users should reference CVE-2007-0396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...