46547 matches found
NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.1, = 1.7.1...
NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution
NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution vulnerability discovered by ? in WordPress Npm praisonai versions = 1.4.0, = 1.7.1...
NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.0, = 1.7.1...
NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation vulnerability discovered by ? in WordPress Npm praisonai versions = 1.6.0, = 1.7.1...
NPM: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
NPM: PraisonAI: Remote Code Execution via Sandbox Escape in codeMode Tool vulnerability discovered by ? in WordPress Npm praisonai versions = 1.7.1...
NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.2.3, = 1.7.1...
NPM: npm PraisonAI codeMode sandbox escape via Function constructor
NPM: npm PraisonAI codeMode sandbox escape via Function constructor vulnerability discovered by ? in WordPress Npm praisonai versions = 1.4.0, = 1.7.1...
NPM: npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients
NPM: npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients vulnerability discovered by ? in WordPress Npm praisonai versions = 1.2.3, = 1.7.1...
NPM: npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
NPM: npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.1, = 1.7.1...
WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions <= 4.7.3...
WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Syncee Premium Dropshipping & Wholesale versions <= 1.0.27...
WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Ossacip Thanh in WordPress Plugin MDTF versions <= 1.3.8...
WordPress Media Library Assistant plugin <= 3.35 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Media Library Assistant versions <= 3.35...
WordPress User Admin Simplifier plugin <= 3.0.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by 有馬 龍成 in WordPress Plugin User Admin Simplifier versions <= 3.0.0...
WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Roll in WordPress Plugin MDTF versions <= 1.3.7...
WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dhamdham in WordPress Plugin Royal MCP versions <= 1.4.25...
WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by qdtad in WordPress Plugin Vitepos versions <= 3.4.2...
WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions <= 4.13...
NPM: TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes
NPM: TinaCMS rich-text slatejson rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...
NPM: Hydro: Insufficient session expiration when recreating sessions
NPM: Hydro: Insufficient session expiration when recreating sessions vulnerability discovered by ? in WordPress Npm hydrooj versions = 4.10.4, = 5.0.1...
NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`
NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 3.0.4, 3.0.7...
NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 2.0.10...
WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups versions <= 2.0.9...
NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename
NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename vulnerability discovered by ? in WordPress Npm piscina versions = 4.9.2...
NPM: jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set()
NPM: jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set vulnerability discovered by ? in WordPress Npm jodit versions 4.12.26...
NPM: OpenClaw: Tool group policy callers could accept unvalidated group IDs
NPM: OpenClaw: Tool group policy callers could accept unvalidated group IDs vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
NPM: OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...
NPM: OpenClaw: Shell inline-command parsing could miss an allowlist check
NPM: OpenClaw: Shell inline-command parsing could miss an allowlist check vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.10-beta.1...
WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Intranet & Private Site – All-In-One Intranet versions <= 1.8.1...
NPM: OpenClaw: Pairing-scoped device session could restore revoked node token authority
NPM: OpenClaw: Pairing-scoped device session could restore revoked node token authority vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.26...
NPM: OpenClaw: Host environment sanitizer missed two Node.js control variables
NPM: OpenClaw: Host environment sanitizer missed two Node.js control variables vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...
WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Bricksable for Bricks Builder versions <= 1.6.83...
WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WC Vendors Marketplace versions <= 2.6.8...
WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ocean Product Sharing versions <= 2.2.2...
WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Filter & Grids versions <= 3.11.5...
WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Vincent Sevkli in WordPress Plugin Five Star Restaurant Menu versions <= 2.5.2...
WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability
Backdoor vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable CORS versions <= 2.0.3...
WordPress CF7 to Webhook plugin <= 5.0.0 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Lucius-log in WordPress Plugin CF7 to Webhook versions <= 5.0.0...
WordPress SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin <= 4.3.6 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Customize My Account for WooCommerce versions <= 4.3.6...
WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability
Authenticated (Author+) Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions <= 1.10.2...
WordPress Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin <= 30.0.2 - Authenticated (Author+) Privilege Escalation vulnerability
Authenticated (Author+) Privilege Escalation vulnerability discovered by ? in WordPress Plugin Contest Gallery versions <= 30.0.2...
WordPress Slideshow Gallery LITE plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Slideshow Gallery versions <= 1.8.5...
WordPress Fancy Testimonials plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Fancy Testimonials versions <= 1.0...
WordPress Appointment Booking Calendar plugin <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated (Contributor+) Sensitive Information Exposure vulnerability discovered by ? in WordPress Plugin Appointment Booking Calendar versions <= 1.4.01...
NPM: webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
NPM: webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies vulnerability discovered by ? in WordPress Npm webpack-dev-server versions 5.2.5...
NPM: Multer vulnerable to Denial of Service via deeply nested field names
NPM: Multer vulnerable to Denial of Service via deeply nested field names vulnerability discovered by ? in WordPress Npm multer versions = 1.0.0, 2.2.0...
WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Mukhlis Amien in WordPress Plugin PowerPress Podcasting versions <= 11.16.8...
NPM: Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
NPM: Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads vulnerability discovered by ? in WordPress Npm multer versions = 2.0.0-alpha.1, 2.2.0...
WordPress UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset vulnerability
Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset vulnerability discovered by Pasindu Dilshan K4PXD - HACK KAP PVT LTD in WordPress Plugin UsersWP versions <= 1.2.63...
NPM: OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
NPM: OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.12...