
294 matches found

CNNVD
added 2026/03/25 12:0 a.m., 2 views

WordPress plugin FAQ Builder AYS security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00045
Exploits: 0, References: 1

CNNVD
added 2026/03/21 12:0 a.m., 2 views

WordPress plugin Image Alt Text Manager cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00045
Exploits: 0, References: 4

Cvelist
added 2026/03/20 11:25 p.m., 22 views

CVE-2026-3350 Image Alt Text Manager <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title

The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.2. This is due to insufficient input sanitization and output escaping when dynamically generating image alt and title attributes using a DOM...

CVSS: 6.4, EPSS: 0.00045
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/20 11:25 p.m., 3 views

CVE-2026-3350

The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.2. This is due to insufficient input sanitization and output escaping when dynamically generating image alt and title attributes using a DOM...

CVSS: 6.4, AI score: 6, EPSS: 0.00045
Exploits: 0, References: 5

CVE
added 2026/03/20 11:25 p.m., 3 views

CVE-2026-3350

CVE-2026-3350 – Image Alt Text Manager (WordPress) stores XSS via post title (Authenticated, Author+). The Wordfence entry for Image Alt Text Manager <= 1.8.2 confirms a stored cross-site scripting vulnerability triggered when generating image alt/title attributes from the post title. Authenti...

CVSS: 6.4, AI score: 6, EPSS: 0.00045
Exploits: 0, References: 4

Patchstack
added 2026/03/20 8:59 p.m., 2 views

WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by w41bu1 in WordPress Plugin FAQ Builder AYS versions <= 1.8.2...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00045
Exploits: 0, Affected Software: 1

OSSF Malicious Packages
added 2026/03/20 11:44 a.m., 4 views

Malicious code in delphoi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f68bb459a4772a75900ddec7e0a918b514f2211a2303aa80ef82252078e3b6 The package delphoi was found to contain malicious code. Source: ossf-package-analysis c15c8182b6e392861478887a08b04eb8fecc38b70000313dfaf1cad8ac8bc8...

AI score: 5.8
Exploits: 0

Positive Technologies
added 2026/03/20 12:0 a.m., 0 views

PT-2026-26717

The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.2. This is due to insufficient input sanitization and output escaping when dynamically generating image alt and title attributes using a DOM...

CVSS: 6.4, AI score: 6, EPSS: 0.00045
Exploits: 0, References: 5

Snyk
added 2026/03/02 10:9 p.m., 2 views

Use of Weak Hash

Overview: Affected versions of this package are vulnerable to Use of Weak Hash in the P2SH check during deposit reveal. An attacker can cause protocol insolvency by crafting a transaction that embeds a valid P2SH inside a P2PKH output script, which is incorrectly treated as a valid P2SH output by...

CVSS: 8.7, AI score: 6
Exploits: 0, References: 2

Snyk
added 2026/02/18 10:33 p.m., 2 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the HelloChrome120. An attacker can obtain sensitive information by analyzing TLS fingerprint discrepancies caused by the missing padding extension. Remediation: Upgrade github.com/refraction-networking/utls to...

CVSS: 3.1, AI score: 5.6
Exploits: 0, References: 2

Snyk
added 2026/02/10 12:25 a.m., 2 views

Insertion of Sensitive Information into Log File

Overview: @rage-against-the-pixel/unity-cli is a command line utility for the Unity Game Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the sign-package command when the --verbose flag is enabled. An attacker can obtain sensitive...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00017
Exploits: 0, References: 2

NVD
added 2026/02/09 10:16 p.m., 2 views

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVSS: 5.9, EPSS: 0.00017
Exploits: 0, References: 3

OSV
added 2026/02/09 10:16 p.m., 0 views

UBUNTU-CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00017
Exploits: 0, References: 5

UbuntuCve
added 2026/02/09 10:16 p.m., 3 views

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVSS: 5.9, AI score: 5.9, EPSS: 0.00017
Exploits: 0, References: 4

CVE
added 2026/02/09 9:29 p.m., 7 views

CVE-2026-25918

The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...

CVSS: 5.9, AI score: 5.6, EPSS: 0.00017
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/02/09 9:29 p.m., 23 views

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVSS: 5.9, EPSS: 0.00017
Exploits: 0, References: 3

Vulnrichment
added 2026/02/09 9:29 p.m., 1 views

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVSS: 5.9, AI score: 5.6, EPSS: 0.00017
Exploits: 0, References: 3

Positive Technologies
added 2026/02/09 12:0 a.m., 3 views

PT-2026-7170

Name of the Vulnerable Software and Affected Versions: unity-cli versions prior to 1.8.2. Description: The sign-package command in unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments, including --email and --password, are output via JSON.stringif...

CVSS: 5.9, AI score: 5.5, EPSS: 0.00017
Exploits: 0, References: 10

CVE
added 2026/02/03 2:8 p.m., 6 views

CVE-2026-24985

The CVE-2026-24985 entry describes a Missing Authorization/Broken Access Control vulnerability in the approveme WP Forms Signature Contract Add-On for WordPress, affecting versions up to and including 1.8.2. The issue stems from incorrectly configured access control security levels, enabling unau...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00039
Exploits: 0, References: 1

CNNVD
added 2026/02/03 12:0 a.m., 2 views

WordPress plugin WP Forms Signature Contract Add-On security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00039
Exploits: 0, References: 1