In the Frontend File Manager plugin for WordPress versions up to and including 23.5 a high severity vulnerability CVE-2026-1280 was detected. This vulnerability allows unauthenticated attackers to share arbitrary uploaded files via email and enumerate all uploaded files on the site – potentially exfiltrating sensitive administrator-only data – due to a missing capability check on the wpfm_send_file_in_email AJAX action and the use of sequential file IDs. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1280.
Read more CMSIn the RegistrationMagic plugin for WordPress versions up to and including 6.0.7.4 a medium severity vulnerability CVE-2026-1054 was detected. This vulnerability allows unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles, due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. To address this issue, users should upgrade RegistrationMagic plugin to version 6.0.7.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1054.
Read more CMSIn the Snow Monkey Forms plugin for WordPress versions up to and including 12.0.3 a critical severity vulnerability CVE-2026-1056 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the generate_user_dirpath function. To address this issue, users should upgrade Snow Monkey Forms plugin to version 12.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1056.
Read more CMSIn LibreNMS version 1.46 a high severity vulnerability CVE-2020-36947 was detected. This vulnerability allows authenticated attackers to extract sensitive database information by exploiting a SQL injection flaw in the MAC accounting graph endpoint via the manipulated sort parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36947.
Read more MonitoringIn the Change WP URL plugin for WordPress versions up to and including 1.0 a medium severity vulnerability CVE-2026-1398 was detected. This vulnerability allows unauthenticated attackers to change the WordPress login URL via a forged request due to missing or incorrect nonce validation on the change-wp-url page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1398.
Read more CMSIn the Vzaar Media Management plugin for WordPress versions up to and including 1.2 a medium severity vulnerability CVE-2026-1391 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via a Reflected Cross-Site Scripting (XSS) attack due to insufficient input sanitization and output escaping on the $_SERVER[‘PHP_SELF’] variable. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1391.
Read more CMSIn the Bitcoin Donate Button plugin for WordPress versions up to and including 1.0 a medium severity vulnerability CVE-2026-1380 was detected. This vulnerability allows unauthenticated attackers to modify the plugin’s settings, including donation addresses and display configurations, via a forged request due to missing or incorrect nonce validation on the settings page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1380.
Read more CMSIn the imwptip plugin for WordPress versions up to and including 1.1 a medium severity vulnerability CVE-2026-1377 was detected. This vulnerability allows unauthenticated attackers to update the plugin’s settings via a forged request due to missing nonce validation on the settings update functionality. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1377.
Read more CMSIn the JavaScript Notifier plugin for WordPress versions up to and including 1.2.8 a medium severity vulnerability CVE-2026-1191 was detected. This vulnerability allows authenticated attackers with administrator-level access to inject arbitrary web scripts via plugin settings, which are rendered through the wp_footer action, due to insufficient input sanitization and output escaping of user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1191.
Read more CMS Newsflash