31 matches found
Fedora: Security Advisory (FEDORA-2026-675dd9b166)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only)
Fedora: Security Advisory (FEDORA-2026-5774d46593)
The remote host is missing an update for the...
[SECURITY] Fedora 42 Update: wordpress-6.9.4-1.fc42
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
[SECURITY] Fedora 43 Update: wordpress-6.9.4-1.fc43
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
[SECURITY] Fedora 44 Update: wordpress-6.9.4-1.fc44
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
CVE-2026-2631 Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option datalogicstoken without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform...
[SECURITY] Fedora 43 Update: wordpress-6.8.3-1.fc43
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
[SECURITY] Fedora 41 Update: wordpress-6.8.3-1.fc41
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
PT-2025-33892 · WordPress · Wp Crontrol
Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1 Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp_remote_request function. This allows authenticated attackers with Administrator-level access...
PT-2025-30372
Name of the Vulnerable Software and Affected Versions: FoxyPress versions up to 0.4.2.1 Description: The FoxyPress plugin for WordPress is susceptible to arbitrary file uploads due to insufficient file type validation in the uploadify.php file. This allows unauthenticated attackers to upload...
PT-2025-27048 · WordPress · Ismobile
Name of the Vulnerable Software and Affected Versions: isMobile plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the device parameter due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2023-34029
Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions...
CVE-2021-32770
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...
PT-2025-22024
Name of the Vulnerable Software and Affected Versions: Grand Restaurant WordPress versions n/a through 7.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Grand Restaura...
PT-2025-21561 · WordPress · Wooexim
Name of the Vulnerable Software and Affected Versions: WOOEXIM plugin for WordPress versions prior to 5.0.0 Description: The issue concerns the lack of CSRF verification and proper sanitization and escaping in certain areas of the plugin, which could allow attackers to exploit unauthenticated use...
PT-2025-20373 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.9.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...
PT-2025-17352 · WordPress · User Registration & Membership
Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 5.1.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonc...
PT-2025-13036
Name of the Vulnerable Software and Affected Versions: User Registration & Membership WordPress plugin versions prior to 4.1.2 Description: The issue concerns a privilege escalation problem in the User Registration & Membership WordPress plugin. This problem allows unauthenticated users to gain adm...
PT-2025-10080 · WordPress · Reservit Hotel Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Reservit Hotel WordPress plugin versions prior to 3.0 Description: The issue concerns the Reservit Hotel WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as...
Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
Description: Any unauthenticated user may send e-mail from the site with any title or content to the admin. fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwidsendmail", { "headers": { "content-type": "application/x-www-form-urlencoded" }, "body": "datasubject=Urgent WordPress update neee...