Latest CVE Feed
-
5.4
MEDIUMCVE-2025-14854
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX functions in all versions up to, and including, 3.4.5. This makes ... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
4.2
MEDIUMCVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.... Read more
Affected Products : chainlit- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-0635
The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possib... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2026-0678
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of su... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection