PT-2026-29686

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parse authorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.6.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget Settings vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons...

WordPress plugin Grand Tour has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

SUSE CVE-2024-26134

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...