User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

Published 2026-05-05 by Wordfence

Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Published 2026-05-05 by apache

Apache Thrift: Node.js web_server.js multi-vulnerability

Published 2026-05-05 by apache

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'

Published 2026-05-05 by Wordfence

Apache Thrift: TSSLTransportFactory.java hostname verification

Published 2026-05-05 by apache

WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability

Published 2026-05-05 by Patchstack

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'

Published 2026-05-05 by Wordfence

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter

Published 2026-05-05 by Wordfence

GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements

Published 2026-05-05 by Wordfence

PaperCut Hive (Ricoh): Plain text password in logs

Published 2026-05-05 by PaperCut