165 matches found

NVD
added 2026/05/26 8:16 p.m. | 8 views

CVE-2026-27331

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

CVSS 6.3 | EPSS 0.00038
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/26 7:29 p.m. | 5 views

CVE-2026-27331

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

CVSS 6.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2

EUVD
added 2026/05/26 7:29 p.m. | 3 views

EUVD-2026-31961

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

CVSS 6.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1

Github Security Blog
added 2026/04/30 6:30 p.m. | 5 views

Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVSS 8.1 | AI score 6.2 | EPSS 0.00103
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/04/30 12:0 a.m. | 3 views

PT-2026-36116

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVSS 8.1 | AI score 6 | EPSS 0.00103
Exploits: 1 | References: 4

CNNVD
added 2026/04/30 12:0 a.m. | 4 views

Webkul Krayin CRM code injection vulnerability

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.1.5 of Webkul Krayin CRM contains a code injection vulnerability, which stems from issues with the compose email function. This vulnerability could allo...

CVSS 8.1 | AI score 6.2 | EPSS 0.00103
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/30 12:0 a.m. | 3 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

AI score 6 | EPSS 0.00103
Exploits: 1 | References: 4

Positive Technologies
added 2026/03/25 12:0 a.m. | 0 views

PT-2026-27930

Name of the Vulnerable Software and Affected Versions: Feedy versions prior to 2.1.5. Description: The software contains a flaw due to improper control of filename handling for include/require statements in the PHP program, leading to a PHP Local File Inclusion issue. This allows for the inclusion o...

CVSS 8.1 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 3

NVD
added 2026/02/19 7:17 a.m. | 2 views

CVE-2025-4521

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorprofile function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 8.8 | EPSS 0.0006
Exploits: 0 | References: 4

CVE
added 2026/01/26 12:0 a.m. | 5 views

CVE-2025-70368

CVE-2025-70368 affects Worklenz v2.1.5, with a Stored XSS in the Project Updates feature. The Updates text field renders un-sanitized input in the reporting view, enabling malicious JavaScript execution in a user’s browser. Root cause: lack of input sanitization for stored payloads. Impact per av...

CVSS 5.4 | AI score 5.9 | EPSS 0.00016
Exploits: 2 | References: 2 | Affected Software: 1

CNNVD
added 2026/01/26 12:0 a.m. | 1 views

Worklenz security vulnerabilities

Worklenz is a project management tool developed by Worklenz as open source. Version 2.1.5 of Worklenz contains a security vulnerability, which stems from improper input handling during project updates. This vulnerability may lead to storage-based cross-site scripting attacks...

CVSS 5.4 | AI score 5.6 | EPSS 0.00016
Exploits: 2 | References: 3

ATTACKERKB
added 2026/01/26 12:0 a.m. | 3 views

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVSS 5.4 | AI score 5.9 | EPSS 0.00016
Exploits: 2 | References: 3

CNNVD
added 2026/01/22 12:0 a.m. | 1 views

WordPress plugin Real Estate Pro has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.3 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 1 views

PT-2026-4184

Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Pro: from n/a through <= 2.1.5...

AI score 5.4 | EPSS 0.0007
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 9:55 a.m. | 3 views

CVE-2020-12759

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook...

CVSS 6.1 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 1

NVD
added 2026/01/07 12:16 p.m. | 2 views

CVE-2025-14845

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...

CVSS 4.3 | EPSS 0.00031
Exploits: 0 | References: 7

NVD
added 2025/12/30 11:16 a.m. | 2 views

CVE-2025-69026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data. This issue affects PopupKit: from n/a through <= 2.1.5...

CVSS 4.3 | EPSS 0.00034
Exploits: 0 | References: 1

CVE
added 2025/12/30 10:47 a.m. | 5 views

CVE-2025-69026

Technical details for CVE-2025-69026 are not provided in the supplied documents. The entry mentions exposure of embedded data in Roxnor PopupKit popup-builder-block (

CVSS 4.3 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/30 10:47 a.m. | 1 views

CVE-2025-69026 WordPress PopupKit plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data. This issue affects PopupKit: from n/a through <= 2.1.5...

CVSS 4.3 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/30 12:0 a.m. | 1 views

PT-2025-53907

Name of the Vulnerable Software and Affected Versions: Roxnor PopupKit versions through 2.1.5. Description: A flaw exists in Roxnor PopupKit’s popup-builder-block component that could allow unauthorized retrieval of embedded sensitive data. This issue is categorized as an exposure of sensitive syste...

AI score 6.2 | EPSS 0.00034
Exploits: 0 | References: 3