High CVE-2026-11616 The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying strip_tags(esc_sql()) — with no allow-list — to the attacker-controlled...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[High] CVE-2026-11616 – The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privi...

VERWANDTEARTIKEL

CVE-2026-49741 - TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

Google fixes the fifth actively exploited Chrome zero-day of 2026

CVE-2026-46746 - Siemens SINEC INS Command Injection

CVE-2026-46748 - SINEC INS Local Privilege Escalation via CAP_DAC_OVERRIDE

CVE-2026-41031 - A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

CVE-2026-10731 - SQL injection in Nemon products