Skip to main content
CVE-2026-32042 HIGH POC PATCH This Week

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated attackers to bypass device pairing requirements and self-assign elevated operator.admin scopes. Attackers with valid shared gateway authentication credentials can present self-signed unpaired device identities to obtain administrator privileges before pairing approval is granted. This is a high-severity vulnerability (CVSS 8.8) with a patch available from the vendor.

Privilege Escalation Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25576 HIGH POC This Week

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kepler Wallpaper Script
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25575 HIGH POC This Week

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simplepress Cms
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-32051 HIGH POC PATCH This Week

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.write scope to escalate privileges and execute owner-only administrative functions including gateway and cron management through agent runs in scoped-token deployments. This is a privilege escalation issue affecting deployments using scoped authentication tokens, where write-level access can be exploited to perform control-plane operations reserved for owners. With a CVSS score of 8.8 and network-accessible attack vector, this represents a significant authorization bypass, though no KEV listing or public exploitation indicators are currently available.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25578 HIGH POC This Week

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Path Traversal PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25580 HIGH POC This Week

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2019-25560 HIGH POC This Week

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files.

Denial Of Service Lyric Video Creator
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2019-25552 HIGH POC This Week

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cewe Photo Show
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2019-25581 HIGH POC This Week

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Doit Cmdb
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-32064 HIGH POC PATCH GHSA This Week

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, allowing any attacker with access to the host's loopback interface to view or interact with sandboxed browser sessions without credentials. All OpenClaw versions prior to 2026.2.21 are affected. This vulnerability has been publicly disclosed with patches available from the vendor, though no EPSS score, KEV status, or public POC references were provided in the intelligence data.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-32055 HIGH POC PATCH GHSA This Week

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace directory by exploiting improper symlink resolution in path validation checks. An attacker with workspace access can leverage in-workspace symlinks pointing to external targets to bypass boundary restrictions on the first write operation. Public exploit code exists for this vulnerability, and a patch is available.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2019-25579 HIGH POC This Week

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Phptransformer
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-32056 HIGH POC PATCH GHSA This Week

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist protections. Authenticated remote attackers with low privileges can inject malicious shell startup files (.bash_profile, .zshenv) via unsanitized HOME and ZDOTDIR variables to achieve arbitrary code execution before allowlisted commands execute. A patch is available from the vendor via GitHub commit c2c7114ed39a547ab6276e1e933029b9530ee906.

RCE Command Injection Openclaw
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-32049 HIGH POC PATCH GHSA This Week

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consistently enforce configured inbound media byte limits across multiple channel ingestion paths. Remote unauthenticated attackers can exploit this by sending oversized media payloads to cause elevated memory consumption and process instability, leading to denial of service. The vulnerability has a CVSS score of 7.5 (High severity) with network-based attack vector and low complexity, though no active exploitation (KEV) or public proof-of-concept has been reported at this time.

Denial Of Service Openclaw
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32048 HIGH POC PATCH This Week

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low privileges to bypass runtime confinement restrictions. Attackers can exploit a flaw in cross-agent sessions_spawn operations to create child processes under unsandboxed agents, effectively disabling sandbox protections by setting sandbox.mode to off. While the CVSS score is 7.5 (High), there is no evidence of active exploitation (not in CISA KEV), though the vulnerability has been publicly disclosed through GitHub Security Advisories and VulnCheck, increasing the likelihood of proof-of-concept development.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4529 HIGH POC This Week

Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.

Stack Overflow D-Link Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2019-25573 HIGH POC This Week

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4261 HIGH This Week

The Expire Users plugin for WordPress versions up to and including 1.2.2 contains a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to elevate their privileges to administrator level. This occurs because the plugin improperly allows users to update the 'on_expire_default_to_role' meta field through the 'save_extra_user_profile_fields' function without proper authorization checks. With a CVSS score of 8.8 (High severity), this represents a critical security issue for affected WordPress installations, though no active exploitation (KEV) or EPSS data has been reported at this time.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2941 HIGH This Week

The Linksy Search and Replace plugin for WordPress versions up to 1.0.4 contains a missing capability check vulnerability that allows authenticated attackers with subscriber-level access or higher to modify arbitrary database tables. Attackers can exploit this to elevate their privileges to administrator by modifying the wp_capabilities field, achieving complete site takeover. With a CVSS score of 8.8 (High), this represents a critical privilege escalation vulnerability affecting authenticated users with minimal access.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3334 HIGH PATCH This Week

The CMS Commander plugin for WordPress contains an SQL Injection vulnerability in all versions up to and including 2.288. Authenticated attackers with API key access can exploit the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in the restore workflow to append malicious SQL queries and extract sensitive database information. With a CVSS score of 8.8, this represents a high-severity vulnerability requiring low attack complexity and low privileges, though no active exploitation (KEV) or public POC has been reported at this time.

WordPress SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1313 HIGH This Week

The MimeTypes Link Icons plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability affecting all versions up to and including 3.2.20. Authenticated attackers with Contributor-level access or higher can exploit this flaw when the 'Show file size' option is enabled by embedding crafted links in post content, allowing them to make arbitrary HTTP requests from the server to internal or external resources. This enables querying and potentially modifying information from internal services that should not be accessible from the public internet.

WordPress SSRF
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-3629 HIGH This Week

The Import and export users and customers plugin for WordPress contains a privilege escalation vulnerability that allows unauthenticated attackers to gain Administrator privileges. All versions up to and including 1.29.7 are affected. The vulnerability can only be exploited when specific configuration conditions are met (the 'Show fields in profile' setting is enabled and a CSV with wp_capabilities column has been previously imported), which increases attack complexity but does not eliminate the critical risk.

WordPress Privilege Escalation
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-14037 HIGH This Week

The Invelity Product Feeds plugin for WordPress contains an arbitrary file deletion vulnerability through path traversal in versions up to and including 1.2.6. Authenticated administrators can be socially engineered into clicking malicious links that delete arbitrary server files due to missing validation in the createManageFeedPage function. No evidence of active exploitation (not in KEV) exists, though the vulnerability is publicly documented with technical details available via WordPress plugin repository references.

CSRF WordPress Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4373 HIGH This Week

The JetFormBuilder plugin for WordPress contains a critical path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. All versions up to and including 3.5.6.2 are affected. Attackers can exploit this to exfiltrate sensitive local files as email attachments by submitting crafted form requests with malicious Media Field payloads, with a CVSS score of 7.5 indicating high confidentiality impact.

WordPress Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1800 HIGH This Week

The Fonts Manager | Custom Fonts plugin for WordPress contains a time-based SQL injection vulnerability in versions up to and including 1.2. Unauthenticated attackers can exploit the vulnerable 'fmcfIdSelectedFnt' parameter to extract sensitive database information without requiring any privileges or user interaction. The vulnerability has a CVSS score of 7.5, indicating high confidentiality impact, though no KEV listing or EPSS score is provided in the available data.

WordPress SQLi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2468 HIGH This Week

The Quentn WP plugin for WordPress contains an SQL Injection vulnerability that allows unauthenticated attackers to extract sensitive database information through a malicious 'qntn_wp_access' cookie value. All versions up to and including 1.2.12 are affected. With a CVSS score of 7.5 and requiring no authentication or user interaction, this represents a significant risk for WordPress sites using this plugin, though no active exploitation (KEV) or public proof-of-concept has been documented at this time.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3478 HIGH This Week

The Content Syndication Toolkit plugin for WordPress contains an unauthenticated Server-Side Request Forgery vulnerability that allows attackers to make arbitrary HTTP requests from the WordPress server. All versions up to and including 1.3 are affected through a bundled ReduxFramework library that exposes an unprotected AJAX proxy endpoint. Attackers can exploit this to query internal services, scan internal network ports, access cloud metadata endpoints, or interact with internal APIs without any authentication, representing a significant risk for reconnaissance and lateral movement in internal networks.

WordPress SSRF
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-3003 HIGH This Week

The Vagaro Booking Widget plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'vagaro_code' parameter affecting all versions up to and including 0.3. Unauthenticated attackers can inject malicious JavaScript that executes whenever any user visits the compromised page, potentially leading to session hijacking, credential theft, or further site compromise. The CVSS score of 7.2 reflects network-based exploitation with no authentication required and changed scope, indicating the attack can affect resources beyond the vulnerable component.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2440 HIGH This Week

The SurveyJS WordPress plugin contains a stored cross-site scripting (XSS) vulnerability affecting all versions up to and including 2.5.3. Unauthenticated attackers can submit malicious HTML-encoded payloads through public survey forms that execute when administrators view survey results in the WordPress admin dashboard. With a CVSS score of 7.2 and no authentication required, this represents a significant risk to WordPress sites using this plugin.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-4302 HIGH This Week

The WowOptin: Next-Gen Popup Maker plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability affecting all versions up to and including 1.4.29. An unauthenticated attacker can exploit a publicly accessible REST API endpoint (optn/v1/integration-action) that passes user-supplied URLs directly to wp_remote_get() and wp_remote_post() without validation, allowing arbitrary web requests from the server. This enables querying and modifying information from internal services with a CVSS score of 7.2 (High), though no active exploitation (KEV) or public POC has been documented at this time.

WordPress SSRF
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-1648 HIGH This Week

The Performance Monitor plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability in its REST API endpoint that allows unauthenticated attackers to make arbitrary web requests to internal services using dangerous protocols including Gopher. Versions up to and including 1.0.6 are affected. This vulnerability can be chained with services like Redis to achieve Remote Code Execution, making it a critical security concern despite the 7.2 CVSS score.

Redis WordPress SSRF RCE
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2279 HIGH PATCH This Week

The myLinksDump plugin for WordPress contains a SQL injection vulnerability in the 'sort_by' and 'sort_order' parameters affecting all versions up to and including 1.6. Authenticated attackers with administrator-level access can exploit insufficient input escaping and inadequate SQL query preparation to append malicious SQL queries and extract sensitive database information. While requiring high privileges (PR:H), the vulnerability has a CVSS score of 7.2 with high impact to confidentiality, integrity, and availability.

WordPress SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy