366585 matches found
CVE-2023-49899 Origin Validation Error in X-Rite MA-T6
An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel...
CVE-2023-49900 Origin Validation Error in X-Rite MA-T6
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command...
CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...
CVE-2026-6424 Use-after-free vulnerability in ESET security products for Linux
Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system...
CVE-2026-15324 SysBasics Customize My Account for WooCommerce <= 4.4.14 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'row_type' Parameter
The SysBasics Customize My Account for WooCommerce – Live My Account Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rowtype' parameter in all versions up to, and including, 4.4.14 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-15021 wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-15103 WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the updatesettings REST callback failing to validate the groupid path...
CVE-2026-15727 WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter
The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-13741 Digits: WordPress Mobile Number Signup and Login <= 9.1.0.5 - Authenticated (Subscriber+) Privilege Escalation via 'digits_reg_userrole' Parameter
The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the digupdatewpwccustomfields function. This makes it possible for authenticat...
CVE-2026-15005 Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...
CVE-2026-58078 Joomla Extension - themexpert.com - Unauthenticated SQL injection in Quix Page Builder Pro < 6.2.1
The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection...
CVE-2026-6423 Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
CVE-2026-13755 Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-15610 WPBot <= 8.5.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary RAG Document Re-Sync via ajax_rag_manual_sync() Function
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-15106 WPBot <= 8.5.6 - Missing Authorization to Unauthenticated Arbitrary Chat Session Deletion via 'userid' Parameter
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-15651 WP TripAdvisor Review Slider <= 14.6 - Authenticated (Administrator+) SQL Injection via 'filtersource' Parameter
The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to generic SQL Injection via the 'filtersource' parameter in all versions up to, and including, 14.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-15407 Themify Builder <= 7.7.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Stylesheet Write/Delete via tb_generate_on_fly AJAX Action
The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-15008 Uncanny Automator <= 7.3.1.4 - Unauthenticated PHP Object Injection to Arbitrary File Deletion via Forminator Submitted-Field Token
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the frtoken function in all versions up to, and including, 7.3.1.4. This makes it possible for...
CVE-2026-15022 Tutor LMS <= 4.0.0 - Authenticated (Subscriber+) SQL Injection via Stored Quiz Answer Array
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2026-13754 Tickera <= 3.6.0.0 - Authenticated (Staff+) SQL Injection via 's' Parameter
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-7543 Breakdance <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting via Webhook Action Details
The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fields' parameter in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-15350 The Cache Purger <= 2.3.20 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Log Deletion via 'the_log_purge' Parameter
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter
The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...
CVE-2026-15099 WP Delicious <= 1.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'steps' Block Attribute
The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrapdirectiontext function, which interpolates the...
CVE-2026-12979 FunnelKit < 3.15.0.6 - Admin+ Arbitrary File Deletion via Path Traversal in Template Importer
The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...
CVE-2026-12684 Customer Reviews for WooCommerce < 5.113.0 - Unauthenticated Arbitrary Media Upload via cr_upload_media
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files bounded to an image a...
CVE-2026-12869 Header Footer Builder for Elementor < 1.2.1 - Contributor+ Stored XSS via Template Import
The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action it allows any editposts user, so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide,...
CVE-2026-12906 RTMKit Addons for Elementor < 2.0.9 - Contributor+ Private Post Title Disclosure
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...
CVE-2026-12907 RTMKit Addons for Elementor < 2.0.9 - Author+ Site-Wide Theme Builder Template Creation and Activation
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, whic...
CVE-2026-12978 FunnelKit < 3.15.0.6 - Reflected XSS via Divi Optin Form
The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...
CVE-2026-12492 Happy Coders OTP Login for WooCommerce < 2.8 - Unauthenticated Account Takeover via hcotp_auto_login_user
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well ...
CVE-2026-12510 AI Engine < 3.5.5 - Subscriber+Chatbot Discussion Disclosure and Takeover via IDOR
The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...
CVE-2026-12525 Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator
The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...
CVE-2026-12585 Abandoned Cart Lite for WooCommerce < 6.8.2 - Unauthenticated Account Takeover via Malleable Recovery-Link Token
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...
CVE-2026-12395 WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter
The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...
CVE-2026-11866 LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF
The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...
CVE-2026-11371 BetterDocs < 4.5.5 - Unauthenticated Stored XSS via AI Doc Summarizer Prompt Injection
The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...
CVE-2026-15925 Improper TLS Hostname Verification in Snowflake Connector for Python
Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...
CVE-2026-53366 ipv4: account for fraggap on the paged allocation path
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In ipappenddata, when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen;...
CVE-2026-15013 SAML Single Sign On <= 5.4.3 - Unauthenticated Authentication Bypass via 'SAMLResponse' Parameter Signature Algorithm Confusion
The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...
CVE-2026-15458 SEO Booster <= 7.3.1 - Authenticated (Administrator+) SQL Injection via 'sort_field' Parameter
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-13042 RPB Chessboard <= 8.1.2 - Unauthenticated Stored Cross-Site Scripting via Comment Content
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-15445 SEO Booster <= 7.3.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2026-15306 Product Feed Manager For WooCommerce <= 7.6.1 - Reflected Cross-Site Scripting via 's' Search Parameter
The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-21729 Loki detected_fields query limits results in unbounded memory allocation
Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy...
CVE-2026-15652 Easy Accordion <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Block Attribute
The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-12941 MultiVendorX <= 5.0.9 - Authenticated (Store Owner+) SQL Injection via 'order_by' Parameter
The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-12409 Landing Page Builder <= 1.5.3.6 - Cross-Site Request Forgery to ulpb_admin_data AJAX Action
The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...
CVE-2026-14987 GiveWP <= 4.16.3 - Authenticated (Give Worker+) Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-12434 List category posts <= 0.95.0 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via 'post_status' Shortcode Attribute
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...