137 matches found
CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
CVE-2026-57746 WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Booked = 3.0.0 versions...
WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-40794
Subscriber Broken Access Control in myCred = 3.0.3 versions...
EUVD-2026-31813
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...
NPM: FlowiseAI: Vector Store No Permission Checks
NPM: FlowiseAI: Vector Store No Permission Checks vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
CVE-2026-42741
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
EUVD-2026-29017
A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...
NPM: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
NPM: vm2 NodeVM nesting: true bypasses require: false allowing sandbox escape and arbitrary OS command execution vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.0...
CVE-2026-3489
The CVE-2026-3489 entry concerns the DirectoryPress WordPress plugin (Business Directory and Classified Ad Listing) with vulnerable versions up to 3.6.26. The issue is an SQL Injection via the 'packages' parameter caused by insufficient escaping of user input and inadequate SQL query preparation,...
CVE-2026-39665
The CVE describes a DOM-Based XSS vulnerability in the WordPress plugin SEO Friendly Images (seo-image) by Vladimir Prelovac, affecting versions from n/a up to 3.0.5. Root cause: Improper neutralization of input during web page generation. Impact stated across sources as cross-site scripting acce...
CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
CVE-2026-25100 Stored XSS via SVG File Upload in Bludit
Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...
EUVD-2026-15851
Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...
EUVD-2026-15695
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...
CVE-2026-25376 WordPress Addon Jobsearch Chat plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...
CVE-2026-25376
CVE-2026-25376 —Concrete details across multiple sources show a Reflected Cross-Site Scripting (XSS) flaw in the WordPress addon/plugin named “Addon Jobsearch Chat” by eyecix, affecting versions through 3.0. The root cause is improper input handling during web page generation , allowing malicious...
EUVD-2026-11916
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...