PT-2026-46326

Unauthenticated Local File Inclusion in Raider Spirit = 1.1.2 versions...

PT-2026-46111

Name of the Vulnerable Software and Affected Versions SP Project & Document Manager versions prior to 4.72 Description Unauthorized access is possible due to a missing capability check in the view file function. Unauthenticated attackers can read file metadata and obtain download links for...

PT-2026-46181

Name of the Vulnerable Software and Affected Versions WP eMember versions prior to 10.2.3 Description An issue in the software allows the retrieval of embedded sensitive system information by an unauthorized control sphere. Recommendations Update to a version later than 10.2.2...

PT-2026-46331

Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...

PT-2026-46352

Unauthenticated Local File Inclusion in Mission = 1.22 versions...

PT-2026-46364

Unauthenticated Local File Inclusion in Gita = 1.11 versions...

PT-2026-46322

Unauthenticated Local File Inclusion in Modernee = 1.6.0 versions...

PT-2026-46321

Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...

PT-2026-46347

Subscriber Broken Access Control in Genemy = 1.6.6 versions...

PT-2026-46346

Unauthenticated Local File Inclusion in Wanium = 1.9.8 versions...

PT-2026-46341

Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...

PT-2026-46214

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payload...

PT-2026-46369

Unauthenticated Local File Inclusion in Choreo = 1.6 versions...

PT-2026-46332

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

PT-2026-46375

Unauthenticated Local File Inclusion in Resurs = 1.3 versions...

PT-2026-46349

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

PT-2026-46335

Unauthenticated Local File Inclusion in CopyPress = 1.4.5 versions...

PT-2026-46208

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc ajax save option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set t...

PT-2026-46345

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

PT-2026-46339

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...