CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The Slim SEO plugin for WordPress up to version 4.9.8 contains a vulnerability allowing unauthorized disclosure of private content. The issue is in the REST API endpoint `/wp-json/slim-seo/meta-tags/ai`, which does not properly verify user permissions to read a specific post, enabling authenticated attackers with Contributor-level access or higher to retrieve summaries of any post's content, including private, draft, pending, future, and password-protected posts.
Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects unsupported versions 9.0.20.x and potentially earlier unsupported versions.
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in versions up to and including 1.4.9. Missing validation on the 'page_id' parameter allows authenticated attackers with author-level access or higher to modify Qi Blocks styles of arbitrary posts, templates, or widgets they do not own, including site-wide surfaces via reserved 'template' and 'widget' values.
The Salon Booking System WordPress plugin before version 10.30.20 lacks proper authorization checks on one of its AJAX actions, allowing any authenticated user (e.g., a subscriber) to modify a plugin setting and bypass manual approval of new bookings.
The User Submitted Posts WordPress plugin before version 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting vulnerability. This can be triggered by unauthenticated users when a non-default display option is enabled.
The WS Form LITE WordPress plugin before version 1.11.8 lacks a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.
A heap-based buffer overflow vulnerability was found in Open Asset Import Library Assimp up to version 5.4.3 in the Assimp::SceneCombiner::Copy function. Manipulating width/height arguments triggers the overflow.
The Kali Forms plugin for WordPress up to version 2.4.13 is vulnerable to Stored XSS via the 'meta[kaliforms_field_components]' parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary scripts that execute when a user visits the compromised page.
UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the win_log() function during memory allocation for list nodes. An attacker can send a sufficiently long HTTP URI, leading to a heap buffer overflow, potentially allowing out-of-bounds write.
A Stored XSS vulnerability in the Cargo extension for MediaWiki allows an attacker to inject a malicious script that is stored on the server and executed in the victim's browser. The issue affects versions before 3.9.1.
A CSRF vulnerability in the RedirectManager extension for MediaWiki allows an attacker to perform unauthorized actions on behalf of an authenticated user. The issue affects versions before 1.3.3.
UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. The vncWc2Mb() function in rfb/dh.cpp:204 calls wcslen() on a caller-supplied WCHAR pointer without prior bounds check, potentially reading past the buffer.
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. The vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand(), resulting in a seed space of approximately 31 bits determined by publicly observable values. An attacker can predict the challenge within seconds, enabling forgery or offline brute-forcing of responses.
The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 3.12.9. This is due to the 'eo_events' shortcode accepting attacker-controlled 'no_events' content and rendering it in event list templates without output escaping.
The Tutor LMS plugin for WordPress up to version 3.9.13 inclusive is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title due to insufficient input sanitization and output escaping.
The GiveWP plugin for WordPress up to 4.16.0 is vulnerable to stored XSS via the 'givewp_campaign_comments' shortcode attributes. Authenticated attackers with author-level access can inject arbitrary scripts that execute on every page visit.
The Wp Google Places Review Slider plugin for WordPress up to version 18.1 is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter. Insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php allow unauthenticated attackers to inject arbitrary scripts that execute when a user clicks a crafted link.
The Kadence Blocks plugin for WordPress up to version 3.7.7 is vulnerable to Insecure Direct Object Reference (IDOR). The authorization check uses a user-supplied post_id, but the actual read/delete operations on optimizer analysis records are performed using a hash of the post_path, which can be manipulated by the attacker. This allows authenticated attackers with Contributor-level access or higher to read or delete analysis records belonging to other users' posts.
The Kadence Blocks plugin for WordPress up to version 3.7.7 fails to properly verify user authorization, allowing authenticated attackers with contributor-level access or higher to create arbitrary Media Library attachments. Attackers can remotely download images to the uploads directory, bypassing the upload_files capability boundary.
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to and including 7.5.51.7212 due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts that execute when users access affected pages.

