3 matches found
PT-2026-55497
Name of the Vulnerable Software and Affected Versions Ultimate Member versions prior to 2.11.5 Description The Ultimate Member plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping when handling the about me...
CVE-2026-52845
Summary (CVE-2026-52845): Caddy 2.11.x contains a bypass in forward_auth copy_headers where, prior to 2.11.4, the exact client-supplied header was deleted but HTTP header names are later normalized to CGI variables, allowing an underscore alias to collide with a trusted header in FastCGI backends...
CVE-2026-52846
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...