In the RegistrationMagic plugin for WordPress, versions up to and including 6.0.7.4, a medium-severity vulnerability, CVE-2026-1054, was detected. This vulnerability allows unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles, due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. To address this issue, users should upgrade the RegistrationMagic plugin to version 6.0.7.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1054.
In the Snow Monkey Forms plugin for WordPress, versions up to and including 12.0.3, a critical-severity vulnerability, CVE-2026-1056, was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the generate_user_dirpath function. To address this issue, users should upgrade the Snow Monkey Forms plugin to version 12.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1056.
In LibreNMS version 1.46, a high-severity vulnerability, CVE-2020-36947, was detected. This vulnerability allows authenticated attackers to extract sensitive database information by exploiting a SQL injection flaw in the MAC accounting graph endpoint via the manipulated sort parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36947.
In the Change WP URL plugin for WordPress, versions up to and including 1.0, a medium-severity vulnerability, CVE-2026-1398, was detected. This vulnerability allows unauthenticated attackers to change the WordPress login URL via a forged request due to missing or incorrect nonce validation on the change-wp-url page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1398.
In the Vzaar Media Management plugin for WordPress, versions up to and including 1.2, a medium-severity vulnerability, CVE-2026-1391, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via a Reflected Cross-Site Scripting (XSS) attack due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1391.
In the Bitcoin Donate Button plugin for WordPress, versions up to and including 1.0, a medium-severity vulnerability, CVE-2026-1380, was detected. This vulnerability allows unauthenticated attackers to modify the plugin's settings, including donation addresses and display configurations, via a forged request due to missing or incorrect nonce validation on the settings page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1380.
In the imwptip plugin for WordPress, versions up to and including 1.1, a medium-severity vulnerability, CVE-2026-1377, was detected. This vulnerability allows unauthenticated attackers to update the plugin's settings via a forged request due to missing nonce validation on the settings update functionality. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1377.
In the JavaScript Notifier plugin for WordPress, versions up to and including 1.2.8, a medium-severity vulnerability, CVE-2026-1191, was detected. This vulnerability allows authenticated attackers with administrator-level access to inject arbitrary web scripts via plugin settings, which are rendered through the wp_footer action, due to insufficient input sanitization and output escaping of user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1191.
In GitLab CE/EE versions from 12.3 up to but not including 18.6.4, 18.7 up to but not including 18.7.2, and 18.8 up to but not including 18.8.2, a medium-severity vulnerability, CVE-2026-1102, was detected. This vulnerability allows unauthenticated attackers to create a denial of service condition by sending repeated malformed SSH authentication requests, due to improper allocation of resources without adequate limits or throttling. To address this issue, users should upgrade GitLab to versions 18.6.4, 18.7.2, 18.8.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1102.