
22 matches found

Positive Technologies
added 2026/05/14 12:0 a.m. · 8 views

PT-2026-40848

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafilter search' parameter in the get cat addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions...

6.5 CVSS · 6 AI score · 0.00354 EPSS
Exploits 0 · References 11

Positive Technologies
added 2026/02/21 12:0 a.m. · 5 views

PT-2026-21373

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the Forms::permission callback only validating the X-WP-Nonce...

6.5 CVSS · 5.5 AI score · 0.00262 EPSS
Exploits 0 · References 6

CNNVD
added 2026/02/19 12:0 a.m. · 4 views

WordPress plugin EduBlink security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3 CVSS · 5.8 AI score · 0.00242 EPSS
Exploits 0 · References 1

CNNVD
added 2026/02/10 12:0 a.m. · 5 views

Apache Shiro security vulnerability

Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...

2.5 CVSS · 7.2 AI score · 0.00219 EPSS
Exploits 0 · References 3

Positive Technologies
added 2026/02/03 12:0 a.m. · 5 views

PT-2026-6254

Name of the Vulnerable Software and Affected Versions Run Contests, Raffles, and Giveaways with ContestsWP versions through 2.0.7 Description A flaw exists in Run Contests, Raffles, and Giveaways with ContestsWP that could allow for the retrieval of embedded sensitive data. The issue is related t...

5.3 CVSS · 5.4 AI score · 0.00192 EPSS
Exploits 0 · References 3

Patchstack
added 2025/12/22 2:11 a.m. · 4 views

WordPress Page Builder: Live Composer plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Page Builder: Live Composer versions <= 2.1.6...

5.4 CVSS · 5.2 AI score · 0.0013 EPSS
Exploits 0 · Affected Software 1

OSV
added 2025/11/07 5:16 a.m. · 2 views

UBUNTU-CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9 CVSS · 6.8 AI score · 0.00148 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/11/04 4:27 a.m. · 1 views

CVE-2025-12156 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...

4.3 CVSS · 5.2 AI score · 0.00159 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/11/04 12:0 a.m. · 2 views

PT-2025-44943

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save post data function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, wit...

4.3 CVSS · 5.6 AI score · 0.00159 EPSS
Exploits 0 · References 3

CNNVD
added 2025/11/04 12:0 a.m. · 2 views

WordPress plugin Ai Auto Tool security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

4.3 CVSS · 6.3 AI score · 0.00159 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/30 6:18 p.m. · 6 views

CVE-2025-49388

Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through = 2.0.7...

9.8 CVSS · 5.9 AI score · 0.05068 EPSS
Exploits 1 · References 1

IBM Security Bulletins
added 2025/08/27 2:46 a.m. · 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware-2.0.7.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware-2.0.7.tgz Vulnerability Details CVEID:CVE-2025-32997 DESCRIPTION: In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CWE:CWE-754: Improp...

5.3 CVSS · 8.7 AI score · 0.0039 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2025/03/03 12:0 a.m. · 4 views

PT-2025-9465

Name of the Vulnerable Software and Affected Versions Helloprint versions n/a through 2.0.7 Description The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows unauthorized access to files and directories outside the...

7.7 CVSS · 6.7 AI score · 0.00668 EPSS
Exploits 0 · References 4

CNNVD
added 2024/12/03 12:0 a.m. · 4 views

WordPress plugin Goodlayers Core cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1 CVSS · 7.6 AI score · 0.00315 EPSS
Exploits 0 · References 2

SUSE CVE
added 2024/06/16 3:53 a.m. · 1 views

SUSE CVE-2024-28176

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

5.9 CVSS · 7.4 AI score · 0.02102 EPSS
Exploits 0 · References 3

CNNVD
added 2024/05/20 12:0 a.m. · 17 views

Fluent Bit security vulnerability

Fluent Bit is an open source log processing and analysis system written in C. A security vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3, which stems from a security issue in the parsing of trace requests by the http server that could lead to a denial of service condition,...

9.8 CVSS · 7.7 AI score · 0.28309 EPSS
Exploits 3 · References 3

Cvelist
added 2024/03/09 12:43 a.m. · 21 views

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

4.9 CVSS · 5.3 AI score · 0.02102 EPSS
Exploits 0 · References 8

Vulnrichment
added 2024/03/09 12:43 a.m. · 22 views

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

4.9 CVSS · 6.6 AI score · 0.02102 EPSS
Exploits 0 · References 8

Positive Technologies
added 2024/01/02 12:0 a.m. · 5 views

PT-2024-10616 · Unknown · Acumos Design Studio

Name of the Vulnerable Software and Affected Versions: Acumos Design Studio versions up to 2.0.7 Description: A vulnerability was found in Acumos Design Studio, which can be exploited to lead to cross site scripting. The manipulation can be launched remotely. Recommendations: For Acumos Design...

6.1 CVSS · 6.5 AI score · 0.00414 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/09/27 12:0 a.m. · 3 views

PT-2023-21755 · Estatik · Estatik Mortgage Calculator Plugin

Name of the Vulnerable Software and Affected Versions: Estatik Estatik Mortgage Calculator plugin versions = 2.0.7 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing...

7.1 CVSS · 6.4 AI score · 0.00379 EPSS
Exploits 0 · References 5