The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘string-locator-path’ parameter in versions up to, and including 2.5.0. This…

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘file[package_dir]’ parameter in versions up to, and including 3.2.49. This…

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘$log_file’ value in versions up to, and including 1.11.16.…

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘path’ parameter in versions up to, and…

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is…

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is…

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with…

In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution…

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with…

In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges…