Latest CVE Vulnerabilities

4.3 MEDIUM

CVE-2026-2301 — Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protecte…

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` funct…

post_duplicator | Remote | Authorization

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

4.3 MEDIUM

CVE-2025-14742 — WP Recipe Maker <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitiv…

The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up…

wp_recipe_maker | Remote | Authorization

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

5.4 MEDIUM

CVE-2026-3171 — SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cros…

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipu…

patients_waiting_area_queue_management_system | Remote | Cross-Site Scripting

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

5.0 MEDIUM

CVE-2026-2479 — Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forg…

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-bas…

responsive_lightbox | Remote | Server-Side Request Forgery

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

7.5 HIGH

CVE-2026-2416 — Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter

The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied pa…

Remote | Injection

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

8.8 HIGH

CVE-2026-1929 — Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'cal…

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of `call_user_func_array()` with user-controlled…

Remote | Injection

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

7.5 HIGH

CVE-2026-1916 — WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitr…

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the `w…

Remote | Authentication

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

4.8 MEDIUM

CVE-2026-3170 — SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System patient-search…

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of th…

patients_waiting_area_queue_management_system | Remote | Cross-Site Scripting

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

9.0 HIGH

CVE-2026-3169 — Tenda F453 httpd SafeEmailFilter fromSafeEmailFilter buffer overflow

A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the arg…

f453_firmware f453 | Remote | Memory Corruption

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

4.6 MEDIUM

CVE-2025-11563 — wcurl path traversal with percent-encoded slashes

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects th…

curl wcurl | Remote | Path Traversal

Feb 25, 2026 Feb 26, 2026

Feb 25, 2026

Feb 26, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences