๐จ CVE-2026-15010
The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsp_topic_fields_form_save() (which writes $_POST['bsp_topic_fields_label{n}'] directly to post meta via update_post_meta() with no filtering) and missing output escaping in bsp_topic_content_append_topic_fields() (which concatenates the stored meta value into an HTML <span> and echoes it via apply_filters/echo without esc_html()). This makes it possible for authenticated attackers, with Subscriber-level access and above (who have bbPress topic-creation privileges), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, including unauthenticated visitors.
๐@cveNotify
The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsp_topic_fields_form_save() (which writes $_POST['bsp_topic_fields_label{n}'] directly to post meta via update_post_meta() with no filtering) and missing output escaping in bsp_topic_content_append_topic_fields() (which concatenates the stored meta value into an HTML <span> and echoes it via apply_filters/echo without esc_html()). This makes it possible for authenticated attackers, with Subscriber-level access and above (who have bbPress topic-creation privileges), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, including unauthenticated visitors.
๐@cveNotify
๐จ CVE-2026-15155
The Essential Addons for Elementor โ Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient server-side validation of a Login/Register widget setting used to construct outgoing email headers โ the allowed-values restriction is enforced only in the client-side editor UI and not on the server, and the applied sanitization does not strip or encode CR/LF characters, allowing CRLF sequences stored in that setting to survive into raw mail headers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject an additional Bcc header into the WordPress administrator's password-reset notification email, receive a copy of a valid administrator password-reset link, and achieve full administrator account takeover.
๐@cveNotify
The Essential Addons for Elementor โ Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient server-side validation of a Login/Register widget setting used to construct outgoing email headers โ the allowed-values restriction is enforced only in the client-side editor UI and not on the server, and the applied sanitization does not strip or encode CR/LF characters, allowing CRLF sequences stored in that setting to survive into raw mail headers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject an additional Bcc header into the WordPress administrator's password-reset notification email, receive a copy of a valid administrator password-reset link, and achieve full administrator account takeover.
๐@cveNotify
๐จ CVE-2026-1382
The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2026-4661
The WP CTA โ Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck() method and lack of preparation in the $wpdb->update() call. The vulnerability is compounded by the complete absence of authorization checks and the endpoint being registered for unauthenticated users via wp_ajax_nopriv_. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries and extract sensitive information from the database via time-based blind SQL injection techniques, including administrator password hashes.
๐@cveNotify
The WP CTA โ Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck() method and lack of preparation in the $wpdb->update() call. The vulnerability is compounded by the complete absence of authorization checks and the endpoint being registered for unauthenticated users via wp_ajax_nopriv_. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries and extract sensitive information from the database via time-based blind SQL injection techniques, including administrator password hashes.
๐@cveNotify
๐จ CVE-2026-6801
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts.
๐@cveNotify
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts.
๐@cveNotify
๐จ CVE-2026-6939
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval_code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The unauthenticated REST endpoint POST /wp-json/corvuspay/success/ is registered with permission_callback set to __return_true, and although a signature validation step exists it only logs the result without halting execution, meaning an attacker can supply a completely arbitrary signature and have a malicious approval_code stored in the database unchallenged.
๐@cveNotify
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval_code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The unauthenticated REST endpoint POST /wp-json/corvuspay/success/ is registered with permission_callback set to __return_true, and although a signature validation step exists it only logs the result without halting execution, meaning an attacker can supply a completely arbitrary signature and have a malicious approval_code stored in the database unchallenged.
๐@cveNotify
๐จ CVE-2026-9017
The NEX-Forms โ Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the saved_admin_email, saved_user_email, and saved_user_email_address fields of arbitrary form entries belonging to other users, and cause the site to dispatch attacker-controlled email content to attacker-chosen recipient addresses.
๐@cveNotify
The NEX-Forms โ Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the saved_admin_email, saved_user_email, and saved_user_email_address fields of arbitrary form entries belonging to other users, and cause the site to dispatch attacker-controlled email content to attacker-chosen recipient addresses.
๐@cveNotify
๐จ CVE-2026-9282
The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires enabling manual minify mode and supplying a manual-format minify filename so that the hash is empty and the f_array[] entries are not overwritten before reaching setupSources().
๐@cveNotify
The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires enabling manual minify mode and supplying a manual-format minify filename so that the hash is empty and the f_array[] entries are not overwritten before reaching setupSources().
๐@cveNotify
๐จ CVE-2026-1359
The Genolve โ AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.
๐@cveNotify
The Genolve โ AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.
๐@cveNotify
๐จ CVE-2026-57827
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
๐@cveNotify
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
๐@cveNotify
mySites.guru
RSFiles! 1.17.12 File Upload RCE Fixed | mySites.guru
RSFiles! for Joomla (com_rsfiles) up to 1.17.11 had an unauthenticated file upload flaw that let anyone drop a PHP file and run code. Fixed in 1.17.12, update now.
๐จ CVE-2026-57828
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
๐@cveNotify
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
๐@cveNotify
mySites.guru
Phoca Download 6.1.3 Fixes Authenticated RCE | mySites.guru
Phoca Download for Joomla (com_phocadownload) up to 6.1.2 let a logged-in member upload a PHP file and run code on the server. Fixed in 6.1.3, update now.
๐จ CVE-2026-56240
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan_valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel_self, and attachment upload endpoints after credit depletion.
๐@cveNotify
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan_valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel_self, and attachment upload endpoints after credit depletion.
๐@cveNotify
GitHub
Exhausted or expired usage credit grants keep plugin plan_valid true, bypassing billing gates on /updates, /stats, /channel_selfโฆ
### Summary
Capgo plugin hot paths calculate plan_valid using orgs.has_usage_credits.
That flag only means the organization has at least one usage_credit_grants row. It does not mean the orga...
Capgo plugin hot paths calculate plan_valid using orgs.has_usage_credits.
That flag only means the organization has at least one usage_credit_grants row. It does not mean the orga...
๐จ CVE-2026-56296
Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling transfer_app with only the publishable API key.
๐@cveNotify
Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling transfer_app with only the publishable API key.
๐@cveNotify
GitHub
Unauthenticated app existence oracle via public.transfer_app RPC (distinct errors for existing vs non-existing app_id)
### Summary
public.transfer_app(p_app_id, p_new_org_id) is exposed to anon/publishable clients (GRANT ALL). When called without an authenticated user session, the function returns different error ...
public.transfer_app(p_app_id, p_new_org_id) is exposed to anon/publishable clients (GRANT ALL). When called without an authenticated user session, the function returns different error ...
๐จ CVE-2026-56303
Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid key value.
๐@cveNotify
Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid key value.
๐@cveNotify
GitHub
Unauthenticated SECURITY DEFINER RPC find_apikey_by_value Exposes API Key Metadata to anon
### Summary
The PostgreSQL function public.find_apikey_by_value(text) is marked SECURITY DEFINER and returns full rows from public.apikeys.
It is currently executable by the anon role, allowing u...
The PostgreSQL function public.find_apikey_by_value(text) is marked SECURITY DEFINER and returns full rows from public.apikeys.
It is currently executable by the anon role, allowing u...
๐จ CVE-2026-56372
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service.
๐@cveNotify
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service.
๐@cveNotify
GitHub
Heap buffer overflow read in magnify operation via unrecognized magnify:method value
An unrecognized magnify:method will result in an out of bounds read in the magnify operation.
```
==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30
READ of size 4 at 0x...
```
==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30
READ of size 4 at 0x...
๐จ CVE-2026-56763
Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with __proto__ properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve prototype pollution and modify object behavior.
๐@cveNotify
Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with __proto__ properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve prototype pollution and modify object behavior.
๐@cveNotify
GitHub
__proto__ key allowed in parseBody({ dot: true })
## Summary
When using `parseBody({ dot: true })` in HonoRequest, specially crafted form field names such as `__proto__.x` could create objects containing a `__proto__` property.
If the parsed...
When using `parseBody({ dot: true })` in HonoRequest, specially crafted form field names such as `__proto__.x` could create objects containing a `__proto__` property.
If the parsed...
๐จ CVE-2026-60088
PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside_secret.txt or absolute paths in project command files to exfiltrate process-readable files into model prompts.
๐@cveNotify
PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside_secret.txt or absolute paths in project command files to exfiltrate process-readable files into model prompts.
๐@cveNotify
GitHub
fix: correct fork and merge-state detection in claude workflow ยท MervinPraison/PraisonAI@3aa9cbc
Use owner/repo for base repo comparison (context.repo.full_name is undefined)
and read mergeable_state from the REST API so DIRTY PRs get rebase instructions.
and read mergeable_state from the REST API so DIRTY PRs get rebase instructions.
๐จ CVE-2026-60090
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value (declared as int but not enforced at runtime) is interpolated directly into the vector column of the generated CREATE TABLE DDL. A caller able to influence collection-creation dimensions can pass a string such as '3); DROP TABLE tenant_secrets; --' to inject SQL/CQL tokens into the statement executed by the database driver.
๐@cveNotify
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value (declared as int but not enforced at runtime) is interpolated directly into the vector column of the generated CREATE TABLE DDL. A caller able to influence collection-creation dimensions can pass a string such as '3); DROP TABLE tenant_secrets; --' to inject SQL/CQL tokens into the statement executed by the database driver.
๐@cveNotify
GitHub
fix: correct fork and merge-state detection in claude workflow ยท MervinPraison/PraisonAI@3aa9cbc
Use owner/repo for base repo comparison (context.repo.full_name is undefined)
and read mergeable_state from the REST API so DIRTY PRs get rebase instructions.
and read mergeable_state from the REST API so DIRTY PRs get rebase instructions.
๐จ CVE-2026-61426
PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.
๐@cveNotify
PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.
๐@cveNotify
GitHub
AgentOS defaults to network-exposed no-auth mode, allowing unauthenticated agent invocation and instruction disclosure
## Summary
The AgentOS server in the `praisonai` TypeScript/npm package ships an insecure default: it binds `0.0.0.0`, sets no API key, and uses CORS `*` with credentials. The API-key middleware...
The AgentOS server in the `praisonai` TypeScript/npm package ships an insecure default: it binds `0.0.0.0`, sets no API key, and uses CORS `*` with credentials. The API-key middleware...
๐จ CVE-2026-61428
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists.
๐@cveNotify
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists.
๐@cveNotify
GitHub
AgentMail webhook lacks signature verification, allowing unauthenticated message injection and sender spoofing
## Summary
PraisonAI's AgentMail bot, when run in webhook (or hybrid) mode, starts an aiohttp webhook server bound to `0.0.0.0` and processes inbound `message.received` events **without veri...
PraisonAI's AgentMail bot, when run in webhook (or hybrid) mode, starts an aiohttp webhook server bound to `0.0.0.0` and processes inbound `message.received` events **without veri...
๐จ CVE-2026-61429
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial validation check, enabling the headless browser to follow redirects and read internal responses including sensitive canary values.
๐@cveNotify
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial validation check, enabling the headless browser to follow redirects and read internal responses including sensitive canary values.
๐@cveNotify
GitHub
Crawl4AI/Chromium backend is also affected by the `web_crawl` SSRF validation bypass
## Summary
The DNS-rebinding / redirect SSRF bypass in PRAI-05 is **not limited to the httpx/urllib backend**. When `crawl4ai` (headless Chromium via Playwright) is installed, `web_crawl` auto-s...
The DNS-rebinding / redirect SSRF bypass in PRAI-05 is **not limited to the httpx/urllib backend**. When `crawl4ai` (headless Chromium via Playwright) is installed, `web_crawl` auto-s...