364455 matches found
CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...
CVE-2026-12123 All-in-One Video Gallery <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery via 'vdl' Parameter
The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...
CVE-2026-21057
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...
CVE-2026-21056
Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information...
CVE-2026-21055
Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...
CVE-2026-21054
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...
CVE-2026-21053
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
CVE-2026-21052
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...
CVE-2026-21051
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings...
CVE-2026-21050
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21049
Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...
CVE-2026-21048
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-21046
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2026-21045
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-21044
Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application...
CVE-2026-21043
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...
CVE-2026-21042
Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...
CVE-2026-21041
Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21040
Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...
CVE-2026-21039
Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings...
CVE-2026-15332 zhayujie CowAgent Message Endpoint channel.py authorization
A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...
CVE-2026-15301 BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-15299 Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget
The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...
CVE-2026-15300 GEO my WP <= 4.5.4 - Unauthenticated SQL Injection via 'distance' / 'lat' / 'lng' Parameters
The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...
CVE-2026-15298 TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2026-15297 Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.77 - Reflected Cross-Site Scripting
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-15296 affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
CVE-2026-15293 WP Business Intelligence Lite <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary SQL Modification
The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-15291 Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...
CVE-2026-15292 Sudoku Shortcode <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute
The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-15289 Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id'
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-15290 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...
CVE-2026-15288 SureForms – Drag and Drop Form Builder for WordPress <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...
CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...
CVE-2026-15287 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2026-15284 King Addons for Elementor <= 51.1.62 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'form_page_id' Parameter
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...
CVE-2026-15285 The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes
The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...
CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-15282 Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload
The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2026-15302 ARMember <= 4.0.27 - Directory Traversal via X-FILENAME
The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...
CVE-2026-15331 zhayujie CowAgent Skill Installation service.py _add_package path traversal
A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...
CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...
CVE-2026-13430 Post Export Import with Media <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload via Trailing-Dot Filename Bypass in ZIP Media Import
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...
CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-11392 WP Hotel Booking <= 2.3.1 - Reflected Cross-Site Scripting via 'check_in_date' and 'check_out_date' Parameters
The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' and 'checkoutdate' parameters in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2026-15070 Salon Booking System <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution via 'value' Parameter
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...
CVE-2026-15329 zhayujie CowAgent Browser Tool browser_tool.py BrowserTool._do_navigate information disclosure
A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool.donavigate of the file agent/tools/browser/browsertool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The...
CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...