22 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-49231

Name of the Vulnerable Software and Affected Versions: Cornerstone versions prior to 7.8.8
Description: A flaw allows a user with subscriber privileges to achieve arbitrary code execution, which is the ability to run unauthorized commands or code on the host system.
Recommendations: Update to versio...

CVSS 8.5 | AI score 5.6 | EPSS 0.00371
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/15 12:0 a.m. | 12 views

PT-2026-49232

Name of the Vulnerable Software and Affected Versions: GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32.7
Description: An unauthenticated SQL Injection exists in the GPTranslate plugin for WordPress. This allows an attacker to execute arbitrary SQL queries on the...

CVSS 9.3 | AI score 6.1 | EPSS 0.00289
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/15 12:0 a.m. | 11 views

PT-2026-49187

Name of the Vulnerable Software and Affected Versions: OttoKit versions prior to 1.1.28
Description: Unauthenticated PHP Object Injection occurs in the software. PHP Object Injection is a vulnerability that allows an attacker to pass malicious serialized objects into the application, which can lead...

CVSS 9.8 | AI score 6 | EPSS 0.00383
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/14 12:0 a.m. | 7 views

PT-2026-49117

Name of the Vulnerable Software and Affected Versions: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions prior to 1.1.2
Description: An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input i...

CVSS 9.8 | AI score 5.8 | EPSS 0.00476
Exploits: 1 | References: 4

Positive Technologies
added 2026/06/14 12:0 a.m. | 8 views

PT-2026-49107

Name of the Vulnerable Software and Affected Versions: WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions prior to 1.1.5
Description: An unauthenticated PHP Object Injection issue exists in the plugin. PHP Object Injection occurs when user-supplied input is...

CVSS 9.8 | AI score 5.8 | EPSS 0.00476
Exploits: 1 | References: 3

Positive Technologies
added 2026/06/14 12:0 a.m. | 7 views

PT-2026-49116

Name of the Vulnerable Software and Affected Versions: Shared Files versions prior to 1.7.65
Description: An unauthenticated path traversal issue exists, allowing an attacker to access files and directories outside the intended folder on the server.
Recommendations: Update to a version newer than...

CVSS 7.5 | AI score 5.2 | EPSS 0.00326
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/14 12:0 a.m. | 10 views

PT-2026-49143

Name of the Vulnerable Software and Affected Versions: WP Go Maps versions prior to 10.0.10
Description: The plugin fails to properly enforce the marker approval filter on the admin-ajax fallback for its datatables route. This allows unauthenticated visitors to retrieve marker records that the site...

AI score 5.2 | EPSS 0.00192
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/27 12:0 a.m. | 5 views

PT-2026-35427

Name of the Vulnerable Software and Affected Versions: Booking Activities versions prior to 1.16.48.2
Description: An unauthenticated broken access control issue exists in the software, allowing users to bypass authorization checks without providing credentials.
Recommendations: Update to version...

CVSS 6.5 | AI score 5.2 | EPSS 0.00242
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/27 12:0 a.m. | 5 views

PT-2026-35640

Name of the Vulnerable Software and Affected Versions: Shipment Tracker for Woocommerce versions prior to 1.5.3.3
Description: A Cross Site Scripting (XSS) issue exists that allows users with the Subscriber role to execute malicious scripts in the context of the application.
Recommendations: Update to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00205
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/27 12:0 a.m. | 8 views

PT-2026-35424

Name of the Vulnerable Software and Affected Versions: JupiterX Core versions prior to 4.14.2
Description: Cross Site Scripting (XSS) exists in the subscriber role, allowing an attacker to execute malicious scripts in the victim's browser.
Recommendations: Update to version 4.14.2 or later...

CVSS 6.5 | AI score 5.4 | EPSS 0.00229
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/20 12:0 a.m. | 5 views

PT-2026-33765

https://t.co/4bpvciSJjS CVE-2026-39533 WordPress plugin vulnerability another-wordpress-classifieds-plugin cybersecurity wordpressfirewall wordpresssecurity hack…...

CVSS 7.5 | AI score 5.7 | EPSS 0.00304
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/20 12:0 a.m. | 2 views

PT-2026-33764

Name of the Vulnerable Software and Affected Versions: Simply Schedule Appointments versions prior to 1.6.9.28
Description: An unauthenticated SQL Injection exists in the software, allowing an attacker to execute arbitrary SQL queries without needing to log in. SQL Injection is a technique where...

CVSS 9.3 | AI score 6.1 | EPSS 0.00363
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/09 12:0 a.m. | 2 views

PT-2026-31710

Name of the Vulnerable Software and Affected Versions: WishList Member X versions prior to 3.29.1
Description: A flaw allows users with subscriber privileges to perform arbitrary file uploads. This occurs when the application fails to properly validate files uploaded by users with low-level...

CVSS 9.9 | AI score 5.4 | EPSS 0.00434
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 16 views

EUVD-2022-51874

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00628
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-51871

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00242
Exploits: 0 | References: 2

Tenable Nessus
added 2024/12/03 12:0 a.m. | 9 views

Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.44 Authorization Bypass

The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability via reverse DNS spoofing. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

CVSS 9.8 | AI score 7.5 | EPSS 0.15236
Exploits: 1 | References: 3

ATTACKERKB
added 2024/08/31 10:15 a.m. | 1 views

CVE-2022-4539

The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...

CVSS 5.3 | AI score 5.9 | EPSS 0.00628
Exploits: 0 | References: 3

ATTACKERKB
added 2024/08/31 9:15 a.m. | 1 views

CVE-2022-4536

The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...

CVSS 5.3 | AI score 5.9 | EPSS 0.00242
Exploits: 0 | References: 3

OSV
added 2023/03/14 7:15 a.m. | 1 views

CVE-2022-47171

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin = 1.1 versions...

CVSS 4.8 | AI score 5.8 | EPSS 0.00394
Exploits: 0 | References: 1

0day.today
added 2017/04/07 12:0 a.m. | 22 views

WordPress Firewall 2 1.3 Plugin - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications alert1" !-- In a real attack, forms can be submitted automatically and spear-phishing attacks can be convincing. Mitigations ================ Disable the plugin until a new version is released that fixes this bug. Disclosure policy...

AI score 7.1
Exploits: 0