CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...

CVE-2026-24625

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through = 1.7.3...

CVE-2026-24625 WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through = 1.7.3...

CVE-2025-69033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.3...

WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...

CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

CVE-2025-47459

Cross-Site Request Forgery CSRF vulnerability in Roxnor FundEngine wp-fundraising-donation allows Cross Site Request Forgery.This issue affects FundEngine: from n/a through = 1.7.3...

CVE-2024-54331

Cross-Site Request Forgery CSRF vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through = 1.7.3...

WordPress Uix Page Builder Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Uix Page Builder versions = 1.7.3...

CVE-2024-54331

Cross-Site Request Forgery CSRF vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through = 1.7.3...

CVE-2024-50523

Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3...

PT-2024-13406 · Unknown · Chaosblade

Name of the Vulnerable Software and Affected Versions: Chaosblade versions 0.3 through 1.7.3 Description: The issue allows OS command execution via the cmd parameter without authentication when server mode is used. This is related to the exec.CommandContext in Chaosblade. Recommendations: For...

WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Friday Patchstack Alliance in WordPress Plugin WP Social Comments versions = 1.7.3...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the returnUrl parameter. Remediation Upgrade BTCPayServer.Client to version 1.7.3 or higher. References - GitHub Commit - GitHub PR Credit: Jefferson Gonzales...

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...