80 matches found

Patchstack
added 2026/06/09 9:0 a.m. | 9 views

WordPress Recover Exit For WooCommerce plugin <= 1.0.3 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by hacnho - VCCorp in WordPress Plugin Recover Exit For WooCommerce versions <= 1.0.3...

CVSS 8.1 | AI score 5.4 | EPSS 0.00551
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/06/01 5:3 p.m. | 12 views

CVE-2026-45544

CVE-2026-45544 affects Nextcloud Tables, part of the Nextcloud platform. From version 0.8.0 to before 1.0.4, the view filter criteria was exposed to users with read‑only permissions, enabling potential disclosure of metadata through the table view. The issue is mitigated by upgrading to Nextcloud...

CVSS 4.3 | AI score 5.7 | EPSS 0.00222
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/05/29 4:15 p.m. | 10 views

CVE-2026-10070

CVE-2026-10070 affects macrozheng mall up to version 1.0.3, specifically the Super Admin Password Handler in the /admin/update/ path. The root cause is improper authorization when performing a manipulation, enabling remote exploitation. The description notes that exploitation is possible remotely...

CVSS 5.8 | AI score 5.5 | EPSS 0.00218
Exploits 0 | References 5

Vulnrichment
added 2026/05/24 10:45 a.m. | 8 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

CVSS 6.5 | AI score 6.2 | EPSS 0.00261
Exploits 0 | References 4

Vulnrichment
added 2026/04/08 6:43 a.m. | 0 views

CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute

The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the printclmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...

CVSS 6.4 | AI score 6 | EPSS 0.00302
Exploits 0 | References 9

Positive Technologies
added 2026/03/13 12:0 a.m. | 2 views

PT-2026-25250

Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3...

CVSS 5.3 | AI score 5.8 | EPSS 0.00199
Exploits 0 | References 3

Positive Technologies
added 2026/03/05 12:0 a.m. | 2 views

PT-2026-23163

Name of the Vulnerable Software and Affected Versions: Mikado-Themes Malgré versions through 1.0.3. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

AI score 5.8 | EPSS 0.00504
Exploits 0 | References 3

Cvelist
added 2026/02/24 1:2 a.m. | 23 views

CVE-2026-3050 horilla-opensource horilla Leads global.js cross site scripting

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...

CVSS 5.1 | EPSS 0.00216
Exploits 1 | References 6

EUVD
added 2026/02/24 12:32 a.m. | 5 views

EUVD-2026-7457

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horillagenerics/globalsearch.py of the component Query Parameter Handler. The manipulation of the argument prevurl results in open redirect. The attack can be executed remotely...

CVSS 5.3 | AI score 4.7 | EPSS 0.00377
Exploits 1 | References 6

Positive Technologies
added 2026/02/20 12:0 a.m. | 4 views

PT-2026-21205

Name of the Vulnerable Software and Affected Versions: axiomthemes Photolia versions through 1.0.3. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

CVSS 8.1 | AI score 5.4 | EPSS 0.00403
Exploits 0 | References 4

EUVD
added 2026/02/04 8:26 p.m. | 5 views

EUVD-2026-5339

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...

CVSS 4.8 | AI score 5.3 | EPSS 0.00138
Exploits 0 | References 1

Positive Technologies
added 2026/02/04 12:0 a.m. | 3 views

PT-2026-5887

Name of the Vulnerable Software and Affected Versions: Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3. Description: The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...

CVSS 5.3 | AI score 5.4 | EPSS 0.00282
Exploits 0 | References 5

RedhatCVE
added 2026/01/23 9:15 p.m. | 4 views

CVE-2025-62050

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through <= 1.0.3...

CVSS 9.9 | AI score 5.4 | EPSS 0.00483
Exploits 0 | References 1

NVD
added 2026/01/22 5:15 p.m. | 4 views

CVE-2025-62050

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through <= 1.0.3...

CVSS 9.9 | EPSS 0.00483
Exploits 0 | References 1

Cvelist
added 2026/01/22 4:52 p.m. | 17 views

CVE-2025-68009 WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 6.5 | EPSS 0.00354
Exploits 0 | References 1

ATTACKERKB
added 2026/01/22 4:52 p.m. | 2 views

CVE-2025-68009

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 6.5 | AI score 5.3 | EPSS 0.00354
Exploits 0 | References 2

ATTACKERKB
added 2026/01/22 4:51 p.m. | 2 views

CVE-2025-66137

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Searcher for Elementor: from n/a through <= 1.0.3...

CVSS 8.8 | AI score 5.3 | EPSS 0.0022
Exploits 0 | References 2

ATTACKERKB
added 2026/01/22 4:51 p.m. | 3 views

CVE-2025-62050

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through <= 1.0.3...

CVSS 9.9 | AI score 5.3 | EPSS 0.00483
Exploits 0 | References 2

Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-4006

Name of the Vulnerable Software and Affected Versions: Searcher for Elementor versions through 1.0.3. Description: The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations: Update Searcher for Elementor to a version later than...

AI score 5.3 | EPSS 0.0022
Exploits 0 | References 3

Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-3992

Name of the Vulnerable Software and Affected Versions: blazethemes Blogmatic versions through 1.0.3. Description: The software contains a flaw related to unrestricted file uploads, allowing potentially dangerous file types to be uploaded. There is no information about the number of potentially...

AI score 5.3 | EPSS 0.00483
Exploits 0 | References 3