5 matches found
CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...
CVE-2026-3906
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API create_item_permissions_check method in...
CVE-2025-12498
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
PT-2025-45556
Name of the Vulnerable Software and Affected Versions: EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to and including 4.2.0.0. Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is susceptible to unauthorized booking note...
WordPress plugin Page & Post Notes security vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...