Posts

CVE-2026-40478 Thymeleaf Template Injection: From Sandbox Bypass to Unauthenticated RCE Overview Published: 04/17/2026 CVE-ID: CVE-2026-40478 CVSS: 9.1 Critical Affected Engine: Thymeleaf Server Side Template Engine Affected Versions: 3.1.3.RELEASE and prior CWE: CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’) and CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine Description Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for the execution of unauthorized expressions. If an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library’s protections to achieve Server-Side Template Injection (SSTI). This issue has ben fixed in version 3.1.4.RELEASE. ...

WordPress All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Plugin <= 2.2.5 is vulnerable to a high priority Bypass Vulnerability Overview Published: 2026-03-03 CVE-ID: CVE-2026-2628 CVSS: 9.8 Critical Affected Plugin: All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login Plugin Affected Versions: <= 2.2.5 CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel Description The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators. ...

CVE-2026-2942 WordPress ProSolution WP Client Plugin <= 1.9.9 is vulnerable to a high priority Arbitrary File Upload Overview Published: 2026-04-08 ** CVE-ID:** CVE-2026-2942 CVSS: 9.8 Critical Affected Plugin: ProSolution WP Client Plugin Affected Versions: <= 1.9.9 CWE: CWE-434 Unrestricted Upload of File with Dangerous Type Description The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘proSol_fileUploadProcess’ function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. ...

CVE-2026-3658 WordPress Simply Schedule Appointments Plugin <= 1.6.10.0 is vulnerable to a high priority SQL Injection Overview Published: 2026-03-19 CVE-ID: CVE-2026-3658 CVSS: 7.5 High Affected Plugin: Simply Schedule Appointments Affected Versions: <= 1.6.10.0 CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘fields’ parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, including usernames, email addresses, and password hashes. ...

CVE-2026-1581 WordPress wpForo Forum Plugin is vulnerable to a high priority SQL Injection Overview Published: 2026-02-19 CVE-ID: CVE-2026-1581 CVSS: 7.5 Affected Plugin: WordPress wpForo Forum Plugin Affected Versions: <= 2.4.14 Vulnerability Type: High priority SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command. Description The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpfob’ parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. ...

CVE-2026-0702 WordPress VidShop Plugin <= 1.1.4 is vulnerable to a high priority SQL Injection VidShop Plugin Vulnerable to SQL Injection Overview Published: 2026-01-28 CVE-ID: CVE-2026-0702 CVSS: 7.5 High Affected Plugin: VidShop Plugin Affected Versions: <= 1.1.4 Vulnerability Type: High priority SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command Description The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fields’ parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. ...

CVE-2026-23550 WordPress Modular DS Plugin <= 2.5.1 is vulnerable to a high priority Privilege Escalation WordPress Modular DS Plugin Privilege Escalation Vulnerability Overview Published: 2026-01-14 CVE-ID: CVE-2026-23550 CVSS: 10.0 Critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Affected Plugin: WordPress Modular DS Plugin Affected Versions: <= 2.5.1 Vulnerability Type: High priority Privilege Escalation CWE: CWE-266 Incorrect Privilege Assignment Description Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1. ...

CVE-2026-3459 WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.9.5 is vulnerable to a high priority Arbitrary File Upload Overview Published: 2026-03-05 CVE-ID: CVE-2026-3459 CVSS: 8.1 High Affected Plugin: Drag and Drop Multiple File Upload – Contact Form 7 Plugin Affected Versions: <= 1.3.9.5 Vulnerability Type: Arbitrary File Upload CWE: CWE-434 Unrestricted Upload of File with Dangerous Type Description The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. This can be exploited if the form includes a multiple file upload field with ‘*’ as the accepted file type. ...

CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via ‘multiformid’ Parameter Overview Published: 2026-03-26 CVE-ID: CVE-2026-2511 CVSS: 7.5 High Affected Plugin: JS Help Desk – AI-Powered Support & Ticketing System Affected Versions: <= 3.0.4 Vulnerability Type: Unauthenticate SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command Description The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets() function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to esc_sql() without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. ...

CVE-2026-2232 Product Table and List Builder for WooCommerce Lite Vulnerable To Unauthenticated Time-Based SQL Injection via ‘search’ Parameter Overview Published: 2026-02-19 CVE-ID: CVE-2026-2232 CVSS: 7.5 High Affected Plugin: Product Table and List Builder for WooCommerce Lite Affected Versions: <= 4.6.2 Vulnerability Type: Unauthenticate Time-Based SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command Description The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. ...