CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A vulnerability in the sigqueue(2) implementation in FreeBSD allows a process in capability mode to send signals to any process, bypassing Capsicum sandbox restrictions. The missing check for the target PID being the calling process's own enables an attacker to interfere with other processes.
An integer overflow vulnerability was found in the dsp_mmap_single() function during validation of memory mapping requests. A large offset and length can cause the sum to wrap around, bypassing the check and allowing mapping beyond the audio buffer into unrelated kernel memory.
The RegistrationMagic plugin for WordPress up to version 6.0.8.6 contains an authentication bypass vulnerability due to insufficient data authenticity verification in the PayPal IPN handler. The handler is accessible to unauthenticated users and updates the database before IPN validation, allowing an attacker to forge an IPN request, overwrite the user ID in a payment log, and then obtain authentication cookies for any user, including administrators.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action, allowing authenticated attackers with contributor-level access and above to create, modify, and delete quiz output templates in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags.
The Frisbii Pay plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks in the 'upload_csv' and 'process_batch' functions in all versions up to and including 1.8.9. This allows authenticated attackers with Subscriber-level access and above to upload arbitrary CSV data and overwrite WooCommerce payment tokens, postmeta, and order meta records.
The Page Builder by SiteOrigin plugin for WordPress up to version 2.34.3 contains a stored XSS vulnerability via the panels_data parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary scripts that execute when users access the compromised page.
The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function. This allows authenticated attackers with Subscriber-level access or above to activate a limited set of plugins.
The WP Full Stripe Free plugin for WordPress up to version 8.4.3 lacks authorization in the wpfs_update_failed_payment_status AJAX action. Unauthenticated attackers with a valid Stripe Payment Intent ID can manipulate payment records in the database, marking successful payments as failed and overwriting error codes.
The Gutenverse plugin for WordPress is vulnerable to stored XSS via admin settings in all versions up to 3.8.0 due to insufficient input sanitization and output escaping.
The Dokan plugin for WordPress up to version 5.0.4 is vulnerable to Insecure Direct Object Reference (IDOR) via the 'id' parameter. Authenticated attackers with subscriber-level access can read other vendors' products, including unpublished drafts and pending listings.
The Dokan plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Product SKU field in all versions up to and including 5.0.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers with custom-level access or higher to inject arbitrary web scripts that execute when users access affected pages.
The Masteriyo LMS plugin for WordPress up to version 2.2.1 contains an authorization bypass vulnerability. Authenticated attackers with student-level access or higher can modify the content of course announcements created by instructors or administrators.
The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.0.1. This is due to insufficient input sanitization and output escaping on the 'account' and 'id' shortcode attributes, which are concatenated directly into a <script> tag's src attribute. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts that execute whenever a user visits an injected page.
The Product Specifications for WooCommerce plugin for WordPress up to version 0.8.9 is vulnerable to unauthorized data modification, creation, and deletion. This is due to missing capability checks and nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, allowing authenticated attackers with Subscriber-level access or higher to manipulate product specification groups and attributes.
The Shariff for WordPress plugin through version 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() function. This allows high-privilege users such as administrators to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
The MaxButtons plugin for WordPress up to version 9.8.5 is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts.
The NEX-Forms plugin for WordPress up to version 9.2.2 contains an authorization bypass vulnerability. Unauthenticated attackers can enumerate sequential report IDs and download complete form submission data, including names, email addresses, phone numbers, postal addresses, payment details, and uploaded file paths.
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before version 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription. This allows any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference (IDOR).
The Invoice Generator plugin for WordPress up to version 1.0.0 contains a privilege escalation vulnerability. Missing capability checks in the pravel_invoice_edit_account() AJAX action allow unauthenticated attackers to change the email address of any user, including administrators, and then use the password reset flow to take over the account.
The HD Quiz plugin for WordPress versions 2.2.0 to 2.2.1 is vulnerable to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the hdq_validate_nonce function. Unauthenticated attackers can exploit this to delete or modify quizzes and questions, create new quizzes, and change plugin settings by tricking a site administrator into performing an action like clicking a link.

