CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The GiveWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in versions up to and including 4.16.1 due to insufficient input sanitization and output escaping.
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to and including 2.5.46. This is due to insufficient escaping and lack of proper SQL query preparation in the prepare_items() method of the Houzez_Property_Feed_Admin_Logs_Export_Table and Houzez_Property_Feed_Admin_Logs_Import_Table classes.
The User Registration & Membership WordPress plugin before version 5.2.0 does not enforce payment completion before activating a paid membership subscription. This allows unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
The Adminify WordPress plugin before version 4.2.10 fails to perform per-user read-capability checks in one of its administration search features, allowing low-privilege users (Contributor) to disclose non-public content such as other authors' unpublished post titles, pending comment content, plugin inventory, and user account names.
The Envo's Templates & Widgets for Elementor and WooCommerce plugin up to version 1.4.26 lacks authorization in the Envo Tabs widget, allowing authenticated attackers with Author-level access to disclose private Elementor content. By supplying a private template ID in the widget, an attacker can make that content visible to anonymous visitors.
The Email Subscribers & Newsletters plugin for WordPress up to version 5.9.27 is vulnerable to authorization bypass. Authenticated attackers with contributor-level access or higher can overwrite mail settings, create audience lists, insert contacts, create and overwrite newsletters, add workflows, and send mass emails to arbitrary recipients.
The Fluent Forms WordPress plugin before version 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage. This allows a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration where an administrator has created at least one Manager restricted to specific forms.
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys (meta key names) in all versions up to and including 3.11.4. This is due to insufficient output escaping of the custom field key ($key) in the the_meta() function, while the field value is properly sanitized. Authenticated attackers with author-level access or above can inject arbitrary web scripts that execute when a user views an injected page.
The yootheme WordPress theme before version 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp_kses_post(), as markup. This allows users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any user viewing the affected post.
The GeoWebPlayer (Web Plugin/WS Player) addon for GeoVision software contains a buffer overflow vulnerability in the handler for the `connectionInfo` command. An attacker on localhost can send crafted JSON data that is copied into fixed-size buffers without length checks, causing overflow.
The GeoWebPlayer (Web Plugin/WS Player) addon for GeoVision software (GV-VMS, GV-Cloud) contains a buffer overflow vulnerability in the function handling the `connectionInfo` command. An attacker from localhost can send crafted JSON data that is copied into fixed-size buffers without length checking, causing overflow.
A buffer overflow vulnerability in GeoWebPlayer (Web Plugin) allows an attacker from localhost to execute code by sending a crafted WebSocket request with an overly long 'password' field. The handle_connection_info function copies data into fixed-size buffers without length checks, causing overflow.
The GeoWebPlayer addon (Web Plugin/WS Player) for GeoVision software (GV-VMS, GV-Cloud) contains a buffer overflow vulnerability in the handle_connection_info function. An attacker on localhost can send a crafted websocket request with a username field that copies data into a fixed-size buffer without length checking.
The GeoWebPlayer addon (Web Plugin/WS Player) for GeoVision software (GV-VMS, GV-Cloud) contains a buffer overflow vulnerability in the handle_connection_info function. An attacker from localhost can send a crafted JSON request with a password field that is copied into a fixed-size buffer without length checking, causing overflow.
The GeoWebPlayer addon (Web Plugin/WS Player) for GeoVision software contains a buffer overflow vulnerability in the handle_connection_info function. An attacker from localhost can send a crafted JSON request that overflows a buffer in the username field due to manual byte-by-byte copying without length checks.
A vulnerability in GeoWebPlayer (Web Plugin) allows out-of-bounds array access due to improper index validation in WebSocket commands. An attacker from localhost can exploit this to perform unauthorized operations.
The GeoWebPlayer addon (also known as Web Plugin or WS Player) for GeoVision software (GV-VMS, GV-Cloud) contains an out-of-bounds read vulnerability in the handling of the 'pause' command. This could lead to unexpected behavior or potential security compromise.
A vulnerability in GeoWebPlayer (Web Plugin/WS Player) for GeoVision software (GV-VMS, GV-Cloud) stems from missing validation of the `index` value in commands received from localhost. This allows out-of-bounds array access, potentially leading to uncontrolled behavior.
A vulnerability in GeoWebPlayer (Web Plugin/WS Player) for GeoVision software (GV-VMS, GV-Cloud) stems from missing validation of the 'index' value in the 'disconnect' command of the WebSocket server. This allows out-of-bounds array access, potentially leading to unexpected behavior or control flow hijacking.
The GeoWebPlayer addon (Web Plugin/WS Player) for GeoVision software (GV-VMS, GV-Cloud) contains an out-of-bounds read vulnerability in the `saveVideo` command. The index from the WebSocket message is not validated, allowing access to critical sections and function pointers beyond array bounds, potentially leading to arbitrary code execution.

