EUVD-2021-34817

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

WordPress plugin Testimonial Slider and Showcase 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVE-2026-25344

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through = 2.2.6...

EUVD-2026-15657

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through = 2.2.6...

CVE-2026-25344

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through = 2.2.6...

EUVD-2026-9651

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

CVE-2026-27541 WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

PT-2026-23272

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

Schlix CMS cross-site scripting vulnerability

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. The Schlix CMS 2.2.6-6 version has a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in category titles, which may lead to th...

MiracleLinux 8 : cups-2.2.6-63.el8_10 (AXSA:2025-10849:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10849:06 advisory. cups: Authentication Bypass in CUPS Authorization Handling CVE-2025-58060 Tenable has extracted the preceding description block directly from the MiracleLin...

CVE-2023-25474

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability

Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...

EUVD-2025-202096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

CVE-2025-67550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

CVE-2025-67550

CVE-2025-67550 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Donation Thermometer (donation-thermometer). The issue allows stored XSS due to improper input neutralization during web page generation, affecting the plugin versions

Advisory ROSA-SA-2025-3055

Software: cups 2.2.6 OS: ROSA Virtualization 3.1 unaffected versions = cups-2.2.6-63.rv31 affected versions cups-2.2.6-63.rv31 CVE-ID: CVE-2025-58060 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CUPS Common UNIX Printing System is related to flaws in the authentication procedure...