24 matches found
CVE-2026-42672
CVE-2026-42672 affects WordPress plugin WP Directory Kit (
CVE-2026-45214 WordPress Xpro Elementor Addons plugin <= 1.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1...
CVE-2025-23550 WordPress Product Puller plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller allows Reflected XSS. This issue affects Product Puller: from n/a through 1.5.1...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
Ubiquiti UniFi Connect EV Station security vulnerability
Ubiquiti UniFi Connect EV Station is an electric vehicle station from Ubiquiti USA. A security vulnerability exists in Ubiquiti UniFi Connect EV Station version 1.5.1 and prior versions, which stems from improper input validation and could lead to command injection...
PT-2025-21425 · WordPress · Panorama
Name of the Vulnerable Software and Affected Versions: Panorama WordPress plugin versions 1.5.1 and earlier Description: The issue concerns the Panorama WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as administrator...
WordPress plugin DSGVO Youtube cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.12), br.com.faroltech:mssc-brewery-bom (>=1.0.3 <=1.0.5) +943 more potentially affected by CVE-2025-27391 via org.apache.activemq:artemis-commons (>=1.5.1 <=2.3.0)
org.apache.activemq:artemis-commons MAVEN version =1.5.1, =1.0.1, =1.0.3, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =1.0.3, =1.0.7364, =1.6, =1.1, =0.1.19, =0.2.5 and more Source cves: CVE-2025-27391 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9689862...
biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.12), br.com.faroltech:mssc-brewery-bom (>=1.0.3 <=1.0.5) +922 more potentially affected by CVE-2025-27391 via org.apache.activemq:artemis-core-client (>=1.5.1 <=2.3.0)
org.apache.activemq:artemis-core-client MAVEN version =1.5.1, =1.0.1, =1.0.3, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =1.0.3, =1.0.7364, =1.6, =1.1, =0.1.19, =0.2.5 and more Source cves: CVE-2025-27391 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9689863...
WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Cards versions <= 1.5.1...
WordPress Product Puller plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Product Puller versions <= 1.5.1...
PT-2025-7622 · Unknown · A1Post.Bg Shipping For Woo
Name of the Vulnerable Software and Affected Versions: A1POST.BG Shipping for Woo versions 1.5.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Privilege Escalation. Recommendations: For versions 1.5.1 and earlier, update to a version that fixes...
CVE-2025-23649
Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer auphonic-importer allows Stored XSS. This issue affects Auphonic Importer: from n/a through = 1.5.1...
WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan in WordPress Plugin Send Users Email versions <= 1.5.1...
PT-2024-14485 · Ukrsolution · Ukrsolution Barcode Scanner/Inventory Manager
Name of the Vulnerable Software and Affected Versions: UkrSolution Barcode Scanner and Inventory manager versions 1.5.1 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the UkrSolution Barcode Scanner and Inventory manager...
PT-2024-14477 · Unknown · Videowhisper Rate Star Review
Name of the Vulnerable Software and Affected Versions: VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings versions 1.5.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This...
PT-2023-30111 · WordPress · Jens Kuerschner Add To Calendar Button
Name of the Vulnerable Software and Affected Versions: Jens Kuerschner Add to Calendar Button plugin versions 1.5.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with contributor or higher permissions. There is no information...
DEBIAN-CVE-2023-40968
Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address...
PT-2022-27653 · WordPress · Easy Wp Smtp
Name of the Vulnerable Software and Affected Versions: Easy WP SMTP plugin versions 1.5.1 and earlier Description: The issue is related to an Authenticated Path Traversal vulnerability. This vulnerability affects the Easy WP SMTP plugin on WordPress. Recommendations: For Easy WP SMTP plugin...
Shescape OS command injection vulnerability
shescape is an open source package of simple shell escaping programs for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. shescape versions 1.4.0 through 1.5.1 are vulnerable to an information disclosure vulnerability that stems from using the escap...