Latest CVE Feed
-
5.3
MEDIUMCVE-2025-13864
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1303
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the `mailchimp_campaigns_manager_disconnect_app` function that is hooked to the AJ... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13079
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens usi... Read more
Affected Products : popup_builder- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-2683
A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. Th... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-13113
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to ... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-25320
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-2692
A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the argument Avatar results in path traversal. The attack can... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-25321
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-25325
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress ... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-24003
EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, ther... Read more
Affected Products : everest- Published: Jan. 26, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1219
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This ma... Read more
Affected Products : mp3_audio_player_for_music\,_radio_\&_podcast- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-6792
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1537
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_step() function in all versions up to, and including, 5.2.6. This makes it ... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-25367
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1657
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without impl... Read more
Affected Products : eventprime- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-25336
Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through <= 1.1.5.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-2443
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remot... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by t... Read more
Affected Products : liman- Published: Jan. 29, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2026-25408
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-2681
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-len... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Memory Corruption