926 matches found
JLSEC-2026-687 With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is...
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...
EUVD-2026-43053
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...
EUVD-2026-42790
The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
PT-2026-55051
Name of the Vulnerable Software and Affected Versions Surbma | Yoast SEO Breadcrumb Shortcode versions prior to 1.3 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. XSS is a security flaw where an...
CVE-2026-40751
Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...
CVE-2026-39578
Unauthenticated PHP Object Injection in Valiance = 1.2 versions...
CVE-2026-40751
CVE-2026-40751 affects WordPress Theme Ashtanga versions
CVE-2026-40751 WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...
CVE-2026-39578 WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valiance = 1.2 versions...
CVE-2026-8883
The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...
CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...
WordPress plugin Global Body Mass Index Calculator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-7659
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2019-25726
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin Genzel breadcrumbs 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress Genzel breadcrumbs plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Genzel breadcrumbs versions = 1.2...
Alloksoft Fast AVI MPEG Splitter 安全漏洞
Alloksoft Fast AVI MPEG Splitter is a multimedia processing tool developed by Alloksoft Corporation, capable of quickly splitting and trimming video files in formats such as AVI and MPEG. Version 1.2 of Alloksoft Fast AVI MPEG Splitter contains a security vulnerability. This vulnerability stems...
PT-2026-40787
Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...