CVE-2026-24972

Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through = 1.4...

WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Elated Listing versions = 1.4...

WordPress plugin Handyman 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVE-2026-0945 Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...

WordPress Woodly Core plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Woodly Core versions = 1.4...

CVE-2026-22360

Cross-Site Request Forgery CSRF vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through = 1.4...

CVE-2025-58944

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue affects Manufactory: from n/a through = 1.4...

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

WordPress SKT PayPal for WooCommerce plugin <= 1.4 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin SKT PayPal for WooCommerce versions = 1.4...

PT-2025-44287

Name of the Vulnerable Software and Affected Versions Jenkins Start Windocks Containers Plugin versions 1.4 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Start Windocks Containers Plugin. This flaw allows attackers to force connections to a URL chosen by th...

EUVD-2023-58981

Malicious code in bioql PyPI...

EUVD-2025-25370

Malicious code in bioql PyPI...

CVE-2025-9372

The Ultimate Multi Design Video Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject...

CVE-2025-57911

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Adverts adverts-click-tracker allows DOM-Based XSS.This issue affects Adverts: from n/a through = 1.4...

Linux Distros Unpatched Vulnerability : CVE-2019-11065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used...

WordPress plugin Linux Promotional Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2025-6689

The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2025-32266

Cross-Site Request Forgery CSRF vulnerability in wp-buy 404 Image Redirection Replace Broken Images broken-images-redirection allows Cross Site Request Forgery.This issue affects 404 Image Redirection Replace Broken Images: from n/a through = 1.4...

WordPress plugin WordPress Galleria 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-14231 · Smartarget · Smartarget Popup

Name of the Vulnerable Software and Affected Versions: Smartarget Popup versions 1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...