Tag
Salon Booking System WordPress Plugin Arbitrary File Read Vulnerability
2 rules 1 TTP 1 CVEThe Salon Booking System WordPress plugin is vulnerable to arbitrary file read, allowing unauthenticated attackers to exfiltrate local files by manipulating file-field values in booking confirmation emails.
WP Mail Gateway Plugin Vulnerability Leads to Privilege Escalation
2 rules 1 TTP 1 CVEThe WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check, allowing authenticated attackers to modify SMTP settings and escalate privileges.
WordPress Temporary Login Plugin Authentication Bypass (CVE-2026-7567)
2 rules 1 TTP 1 CVEThe Temporary Login plugin for WordPress versions up to 1.0.0 is vulnerable to authentication bypass due to improper input validation, allowing unauthenticated attackers to log in as arbitrary temporary users by sending a specially crafted GET request.
WordPress Create DB Tables Plugin Authorization Bypass Vulnerability (CVE-2026-4119)
2 rules 3 TTPs 1 CVEThe Create DB Tables plugin for WordPress versions 1.2.1 and earlier is vulnerable to an authorization bypass, allowing authenticated users to create and delete database tables without proper checks, potentially leading to complete site destruction.
Media Library Assistant WordPress Plugin SQL Injection Vulnerability
2 rules 1 TTP 1 CVEThe Media Library Assistant WordPress plugin through version 3.34 is vulnerable to SQL injection, allowing attackers to manipulate database queries.
Contest Gallery WordPress Plugin Authentication Bypass Vulnerability (CVE-2026-4021)
2 rules 3 TTPs 1 IOCCVE-2026-4021 describes an authentication bypass vulnerability in the Contest Gallery plugin for WordPress, allowing unauthenticated attackers to gain admin access by manipulating the user activation key and using an AJAX login endpoint.