0X34Rth

#19284de 53,632
13.7CVSS total
Vulnerabilidades · 3
Média
3
PT-2026-6019
4.4
2026-02-04
WordPress · Extended Random Number Generator · CVE-2026-0681
**Name of the Vulnerable Software and Affected Versions** Extended Random Number Generator versions prior to 1.2 **Description** The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update Extended Random Number Generator to version 1.2 or later.
PT-2026-6021
4.4
2026-02-04
WordPress · Wp Content Permission · CVE-2026-0743
**Name of the Vulnerable Software and Affected Versions** WP Content Permission versions prior to 1.3 **Description** The WP Content Permission plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the `ohmem-message` parameter. An authenticated attacker with Administrator-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The API endpoint involved is not explicitly mentioned. The vulnerable parameter is `ohmem-message`. **Recommendations** Update WP Content Permission to version 1.3 or later.
PT-2026-6022
4.9
2026-02-04
WordPress · Push Notification For Wp · CVE-2026-0816
**Name of the Vulnerable Software and Affected Versions** All push notification for WP versions up to and including 1.5.3 **Description** The All push notification for WP plugin for WordPress is susceptible to time-based SQL Injection via the `delete id` parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. Successful exploitation allows authenticated attackers with administrator-level access or higher to inject additional SQL queries into existing queries, potentially enabling the extraction of sensitive information from the database. **Recommendations** Versions prior to and including 1.5.3 should be updated to a newer, fixed version when available.