
114 matches found

Positive Technologies
added 4 days ago, 5 views

PT-2026-45720

Missing Authorization vulnerability in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

CVSS 8.8 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 2

EUVD
added 2026/05/20 1:25 a.m., 5 views

EUVD-2026-31027

The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | AI score 6 | EPSS 0.00095
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/20 12:0 a.m., 6 views

PT-2026-42270

Name of the Vulnerable Software and Affected Versions: Crypt::SaltedHash versions prior to 0.10. Description: Crypt::SaltedHash for Perl generates insecure random values for salts because it utilizes the built-in rand function, which is predictable and unsuitable for cryptographic purposes...

CVSS 9.1 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/20 7:22 p.m., 2 views

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 1

EUVD
added 2026/04/15 6:31 p.m., 0 views

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVSS 7.6 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 2

NVD
added 2026/04/02 8:16 a.m., 4 views

CVE-2026-0686

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parseauthorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVSS 7.2 | EPSS 0.00024
Exploits: 0 | References: 5

ATTACKERKB
added 2026/02/05 6:47 a.m., 3 views

CVE-2026-1268

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

CVSS 6.4 | AI score 5.6 | EPSS 0.00015
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-6250

Name of the Vulnerable Software and Affected Versions: Atarim versions through 4.3.1. Description: An authorization issue exists in Vito Peleg Atarim atarim-visual-collaboration, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Atarim to a...

CVSS 5.3 | AI score 5.4 | EPSS 0.00051
Exploits: 0 | References: 3

NVD
added 2026/01/22 5:16 p.m., 5 views

CVE-2026-22462

Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery. This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5...

CVSS 4.3 | EPSS 0.00026
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/07 12:0 a.m., 2 views

PT-2026-1642

Name of the Vulnerable Software and Affected Versions: Dasinfomedia WPCHURCH versions through 2.7.0. Description: An incorrect privilege assignment exists in Dasinfomedia WPCHURCH, allowing for privilege escalation. The issue allows an attacker to gain elevated privileges within the system...

CVSS 8.8 | AI score 6.9 | EPSS 0.00056
Exploits: 0 | References: 5

NVD
added 2025/12/31 2:15 p.m., 2 views

CVE-2025-62124

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soli WP Post Signature wp-post-signature allows Stored XSS. This issue affects WP Post Signature: from n/a through <= 0.4.1...

CVSS 5.9 | EPSS 0.00007
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/30 12:0 a.m., 2 views

PT-2025-53913

Name of the Vulnerable Software and Affected Versions: Mikado-Themes FiveStar versions through 1.7. Description: An authorization bypass exists in Mikado-Themes FiveStar due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key...

AI score 6.6 | EPSS 0.00043
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-53242

Name of the Vulnerable Software and Affected Versions: tmtraderunner Trade Runner versions n/a through 3.14. Description: A Cross-Site Request Forgery (CSRF) issue exists in tmtraderunner Trade Runner. This allows attackers to potentially perform actions on behalf of an authenticated user without thei...

CVSS 8.8 | AI score 6.2 | EPSS 0.00015
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/23 12:0 a.m., 3 views

PT-2025-52739

Name of the Vulnerable Software and Affected Versions: VillaTheme HAPPY versions through 1.0.9. Description: A missing authorization issue exists in VillaTheme HAPPY, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update VillaTheme HAPPY to a version...

CVSS 5.3 | AI score 6.6 | EPSS 0.00041
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/10 3:13 p.m., 2 views

CVE-2025-62103

Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery. This issue affects Media Library File Download: from n/a through <= 1.4...

CVSS 4.3 | AI score 6.9 | EPSS 0.00015
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/13 12:0 a.m., 2 views

PT-2025-46810

Name of the Vulnerable Software and Affected Versions: codepeople Contact Form Email versions through 1.3.58. Description: An authorization issue exists in codepeople Contact Form Email, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update to a versi...

AI score 6.6 | EPSS 0.00038
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/31 3:11 p.m., 4 views

CVE-2025-5343

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

CVSS 6.3 | AI score 6.2 | EPSS 0.0012
Exploits: 0 | References: 1

OSV
added 2025/10/28 6:15 p.m., 0 views

CVE-2025-12422

Vulnerable Upgrade Feature Arbitrary File Write may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/26 12:0 a.m., 1 views

PT-2025-43752

Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The software contains a flaw related to mail configuration file manipulation that can lead to command execution. The issue affects the handling of configuration files,...

CVSS 10 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 8

Positive Technologies
added 2025/10/22 12:0 a.m., 4 views

PT-2025-43260

Name of the Vulnerable Software and Affected Versions: PickPlugins Accordion versions through 2.3.14. Description: A missing authorization issue exists in PickPlugins Accordion accordions, allowing exploitation of incorrectly configured access control security levels. Recommendations: Versions prior ...

CVSS 6.3 | AI score 6.5 | EPSS 0.00041
Exploits: 0 | References: 4