EUVD-2026-31022

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

CVE-2026-6404

The CVE-2026-6404 case concerns the WordPress plugin Anomify AI – Anomaly Detection and Alerting (versions ≤ 0.3.6). The vulnerability is Stored Cross-Site Scripting (XSS) exploited via the anomify_api_key parameter. The root cause is inadequate input sanitization and missing output escaping: san...

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions = 0.3.6...

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions = 0.3.6...

Tencent WeKnora 授权问题漏洞

Tencent WeKnora is an enterprise-level LLM knowledge base and RAG platform developed by Tencent, a Chinese technology company. Versions of Tencent WeKnora prior to 0.3.6 contained an authorization vulnerability. This vulnerability stemmed from the function getKnowledgeBaseForInitialization in the...

Unity Linux 20.1060e / 20.1070e Security Update: audiofile (UTSA-2026-017497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017497 advisory. Integer overflow in modules/MSADPCM.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

CVE-2025-62874

Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-62874

Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-62874 WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...

EUVD-2025-205978

Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...

PT-2025-54397

Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...

WordPress plugin AnyComment 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-45281

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through = 0.3.6...

AZL-68885 CVE-2025-50950 affecting package audiofile 0.3.6-27

Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function...

CVE-2025-48091

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through = 0.3.6...

EUVD-2025-35568

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-48091

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-48091

CVE-2025-48091 affects WordPress AnyComment plugin up to version 0.3.6. Multiple connected sources (CNVD-2025-25836, RH:CVE-2025-48091, PT-2025-43154) attribute SQL Injection to improper neutralization of external SQL elements in AnyComment, enabling arbitrary SQL execution and potential data exp...

PT-2025-43154

Name of the Vulnerable Software and Affected Versions Alexander AnyComment versions through 0.3.6 Description A flaw exists in Alexander AnyComment that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. This could allow an attacker t...

WordPress AnyComment plugin <= 0.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rooting in WordPress Plugin AnyComment versions = 0.3.6...