46541 matches found
NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment
NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection
NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...
NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots
NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...
NPM: OpenClaw: Discord allowFrom could bind to mutable display names
NPM: OpenClaw: Discord allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...
NPM: OpenClaw: Focus command could miss controlScope enforcement
NPM: OpenClaw: Focus command could miss controlScope enforcement vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install
NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.29...
NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.12...
NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...
NPM: OpenClaw: memory-wiki shared search could miss session visibility checks
NPM: OpenClaw: memory-wiki shared search could miss session visibility checks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.27...
NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions
NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...
NPM: OpenClaw: Zalo allowFrom could bind to mutable display names
NPM: OpenClaw: Zalo allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.2...
NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks
NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...
NPM: OpenClaw: Active Memory write scope could mutate global config
NPM: OpenClaw: Active Memory write scope could mutate global config vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...
NPM: OpenClaw: Exported session HTML could keep unsafe markdown links
NPM: OpenClaw: Exported session HTML could keep unsafe markdown links vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...
NPM: OpenClaw: Slack reaction events could ignore reaction notification settings
NPM: OpenClaw: Slack reaction events could ignore reaction notification settings vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...
NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes
NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.10-beta.2...
NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks
NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.2...
NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...
NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...
WordPress STRABL – A checkout solution plugin <= 4.5 - Unauthenticated Arbitrary Webhook Creation vulnerability
Unauthenticated Arbitrary Webhook Creation vulnerability discovered by Teerachai Somprasong in WordPress Plugin STRABL – A checkout solution versions <= 4.5...
WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions <= 0.1.5...
WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability
Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions <= 3.15.3...
NPM: budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL
NPM: budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL vulnerability discovered by ? in WordPress Npm budibase versions 3.39.19...
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin 1.7.1058-1.7.1059 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated (Contributor+) Arbitrary File Read vulnerability discovered by Jack Taylor in WordPress Plugin Royal Elementor Addons versions 1.7.1058-1.7.1059...
WordPress Creavi Appointment Booking Calendar plugin <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Creavi Appointment Booking Calendar versions <= 1.4.4...
WordPress Woosa – Marktplaats for WooCommerce plugin <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated (Administrator+) Arbitrary File Read vulnerability discovered by Legion Hunter in WordPress Plugin Woosa – Marktplaats for WooCommerce versions <= 2.0.5...
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure vulnerability discovered by kalomba - KAPENTEST in WordPress Plugin WP DSGVO Tools (GDPR) versions <= 3.1.39...
WordPress Bogo plugin <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability discovered by Andrew Lacambra in WordPress Plugin Bogo versions <= 3.9.1...
WordPress Advanced Import plugin <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by loris4py in WordPress Plugin Advanced Import versions <= 1.4.6...
WordPress Blocksy Companion plugin <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Pasindu Dilshan K4PXD - HACK KAP PVT LTD in WordPress Plugin Blocksy Companion versions <= 2.1.45...
WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Craniums in WordPress Plugin BetterDocs versions <= 4.5.3...
WordPress Classified Listing – AI-Powered Classified ads & Business Directory plugin <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability discovered by Ben Tamam Ben Tamam in WordPress Plugin Classified Listing versions <= 5.4.2...
WordPress WP EasyPay plugin <= 4.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Sajjad Haqi in WordPress Plugin WP EasyPay versions <= 4.5.0...
WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions <= 3.15.4...
NPM: OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
NPM: OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...
WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Koutrouss Naddara in WordPress Plugin H5P versions <= 1.17.6...
WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin Stylish Cost Calculator versions <= 8.3.9...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Premmerce Wishlist for WooCommerce versions <= 1.1.11...
NPM: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
NPM: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent vulnerability discovered by ? in WordPress Npm undici versions = 7.23.0, 7.28.0...
NPM: undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
NPM: undici vulnerable to cross-user information disclosure via shared cache whitespace bypass vulnerability discovered by ? in WordPress Npm undici versions = 7.0.0, 7.28.0...
NPM: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
NPM: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass vulnerability discovered by ? in WordPress Npm undici versions = 8.0.0, 8.5.0...
NPM: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
NPM: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message vulnerability discovered by ? in WordPress Npm nodemailer versions = 9.0.0...
NPM: DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
NPM: DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch) vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.10...
NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.1, = 1.7.1...
NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution
NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution vulnerability discovered by ? in WordPress Npm praisonai versions = 1.4.0, = 1.7.1...
NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.0, = 1.7.1...
NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation vulnerability discovered by ? in WordPress Npm praisonai versions = 1.6.0, = 1.7.1...
NPM: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
NPM: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool vulnerability discovered by ? in WordPress Npm praisonai versions = 1.7.1...
NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.2.3, = 1.7.1...