61 matches found
EUVD-2025-210158
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions...
CVE-2025-60175
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions...
Nextcloud Tables SQL Injection Vulnerability
NextCloud Tables is an open-source table-based application developed by NextCloud. Versions of NextCloud Tables from 0.7.0 to 0.7.7, 0.8.0 to 0.8.10, 0.9.0 to 0.9.8, and 1.0.0 to 1.0.4 have SQL injection vulnerabilities. These vulnerabilities stem from stored injection attacks, allowing...
CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...
EUVD-2026-15884
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation. This issue affects RewardsWP: from n/a through <= 1.0.4...
EUVD-2026-15709
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal. This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4...
CVE-2026-32520
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation. This issue affects RewardsWP: from n/a through <= 1.0.4...
CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal. This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4...
PT-2026-28034
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation. This issue affects RewardsWP: from n/a through <= 1.0.4...
PT-2026-27936
Name of the Vulnerable Software and Affected Versions: File Uploader for WooCommerce versions through 1.0.4. Description: The File Uploader for WooCommerce software contains a path traversal flaw. The issue is due to insufficient sanitization of user-supplied input, specifically allowing the use of...
WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by daroo in WordPress Plugin RewardsWP versions <= 1.0.4...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...
WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions <= 1.0.4...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions <= 1.0.4...
CVE-2025-66151 WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Countdowner for Elementor: from n/a through <= 1.0.4...
CVE-2025-62083
CVE-2025-62083 affects BoomDevs WordPress Coming Soon Plugin (
CVE-2025-62115
Technical details for CVE-2025-62115 are not provided in the supplied documents. Monitor for updates from official advisories or vulnerability databases for affected products, versions, impact, and remediation.
WordPress Simple Video Management System plugin <= 1.0.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Simple Video Management System versions <= 1.0.4...