CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. This allows an authenticated AIL user to craft malicious item identifiers that may lead to unauthorized disclosure of local files.
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action, allowing unauthenticated attackers to view customers' subscription data.
The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint that allows all incoming requests without any authentication checks.
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data.
The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.9.1. This allows authenticated attackers with subscriber-level access and above to extract the raw title, content, excerpt, and password of any private, draft, or password-protected post.
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file read in versions 1.7.1058 through 1.7.1059. The issue arises from the wpr_get_csv_handle() function, which does not validate the URL and allows attackers to read the contents of any file accessible to the PHP process.
The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name and concatenates it directly with the plugin's log directory path.
In libexpat before version 2.8.2, there is a heap-based buffer overflow in the doProlog function in xmlparse.c. This issue arises from mishandling of scaffold backing array reallocation when there is data-structure sharing across parsers.
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. This can lead to a use-after-free situation.
The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 1.4.6. The issue arises from the lack of validation of the user-supplied URL in the demo_download_and_unzip() function, allowing requests to be sent to internal network resources.
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via custom booking field labels in all versions up to and including 1.4.4 due to insufficient input sanitization and output escaping.
Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken, leading to TypeError crashes.
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 2.1.45 due to insufficient input sanitization and output escaping.
The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the Gutenberg block in versions up to 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method.
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 2.8.7. This allows unauthenticated attackers to make web requests to arbitrary locations, enabling access to internal services.
A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction.
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 5.4.2. This is due to a missing capability/ownership check on the gallery_image_update_as_feature AJAX handler, allowing authenticated attackers to change the featured image of arbitrary listings they do not own.
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate or join token can manipulate files in an imported remote cluster.
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action, allowing unauthenticated attackers to process SAR requests using any victim email address.
The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifier_options_page function, allowing unauthenticated attackers to reset and permanently delete users' menu and admin-bar configurations.

