Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1. [CVSS 4.3 MEDIUM]
AA-Team Wordpress Movies Bulk Importer movies importer is affected by cross-site request forgery (csrf) (CVSS 4.3).
Mikado-Themes Wanderland version 1.5 and earlier contains an authorization bypass that allows unauthenticated remote attackers to access restricted functionality due to improperly configured access controls. The vulnerability enables information disclosure with no patch currently available.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. [CVSS 4.3 MEDIUM]
Discord's WebSocket API inadvertently discloses whether users have set their status to Invisible rather than offline by including them in the presences array, contradicting the privacy expectation that Invisible users appear completely offline. An authenticated attacker can exploit this information disclosure to determine the true online status of Discord users. No patch is currently available as of January 2026.
Gitea fails to enforce proper authorization checks when users attempt to cancel scheduled auto-merges through the web interface, allowing any user with pull request read access to cancel merge operations initiated by other users. This authorization bypass could disrupt automated workflows and merge processes across repositories. A patch is available to address this vulnerability.
Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator is affected by missing authorization (CVSS 4.3).
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]