CVE-2026-49781

The CVE-2026-49781 entry describes an unauthenticated PHP Object Injection in the WordPress OttoKit plugin, affected versions

CVE-2025-68036

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through = 1.1.27...

WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin CubeWP versions = 1.1.27...

PT-2025-14745 · WordPress · Getbookingswp

Name of the Vulnerable Software and Affected Versions: GetBookingsWP versions 1.1.27 and earlier Description: The issue is related to a Missing Authorization vulnerability in the GetBookingsWP plugin, which allows exploitation of incorrectly configured access control security levels...

PT-2024-27862 · Unknown · Bradmax Player

Name of the Vulnerable Software and Affected Versions: Bradmax Player versions 1.1.27 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...