CVE-2026-42738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...

CVE-2026-42746

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

CVE-2026-42746 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

CVE-2025-15635

Cross-Site Request Forgery CSRF vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

CVE-2026-1674

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...

CVE-2026-1674 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...

CVE-2026-24802

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in briandilley jsonrpc4j src/main/java/com/googlecode/jsonrpc4j modules. This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0...

CVE-2026-24802

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in briandilley jsonrpc4j src/main/java/com/googlecode/jsonrpc4j modules. This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0...

CVE-2023-7333

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

EUVD-2023-2139

Malicious code in bioql PyPI...

PT-2025-39553

Name of the Vulnerable Software and Affected Versions Roxnor EmailKit versions through 1.6.0 Description An authorization issue exists in Roxnor EmailKit, stemming from incorrectly configured access control security levels. This allows for potential exploitation of the system. Recommendations...

CVE-2025-53456 WordPress SEO Backlink Monitor Plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0...

CVE-2025-53456 WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Cross Site Request Forgery.This issue affects SEO Backlink Monitor: from n/a through = 1.8.0...

PT-2025-35023

Name of the Vulnerable Software and Affected Versions: WP Smart Widgets Better Post & Filter Widgets for Elementor versions through 1.6.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS...

CVE-2025-30929

Missing Authorization vulnerability in amazewp fluXtore fluxtore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fluXtore: from n/a through = 1.6.0...

WordPress plugin fluXtore 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Allocation of Resources Without Limits or Throttling

Overview commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

CVE-2024-27181

In Apache Linkis = 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

WordPress plugin Ivy School 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...