CVE Vulnerabilities - 19 February 2026
391 vulnerabilities published on 19 February 2026
Dealia WordPress Plugin Allows Contributors to Modify Settings
CVE-2026-2504
The Dealia WordPress plugin for creating quotes allows contributors and above to modify plugin settings without permission, potentially allowing unauthorized changes to be made to the plugin's configu...
4.3
Whatsiplus Scheduled Notification for WooCommerce plugin allows attackers to modify settings
CVE-2026-1455
The Whatsiplus Scheduled Notification for WooCommerce plugin is vulnerable to a security threat. An attacker could trick a site administrator into clicking on a malicious link, allowing them to change...
4.3
WordPress Virusdie Plugin Leaks API Key to Authorized Attackers
CVE-2025-14864
The Virusdie plugin for WordPress, used for website security, exposes sensitive API keys to attackers with Subscriber-level access or above. This allows them to access the site owner's account and pot...
4.3
WordPress Shield Security Plugin: Unauthenticated Email 2FA Disabling
CVE-2025-14427
The Shield Security plugin for WordPress allows attackers with Subscriber-level access and above to disable site-wide Email 2-Factor Authentication. This means that even authorized users may not recei...
4.3
Squirrly SEO Plugin for WordPress: Unauthorized Access to Cloud Data
CVE-2025-14342
The Squirrly SEO Plugin for WordPress is affected by a security issue that allows attackers with Subscriber-level access or above to disconnect the site from Squirrly's cloud service. This could lead ...
4.3
Remove Post Type Slug plugin allows attackers to change settings
CVE-2025-14167
The Remove Post Type Slug plugin for WordPress is open to attack by a malicious link. If a site admin clicks on a link sent by an attacker, it could change the plugin's settings without permission. Yo...
4.3
WordPress Page Title Plugin Allows Attackers to Update Page Titles
CVE-2025-13438
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to a security threat that allows attackers to change page titles and metadata without permission. This could happen ...
4.3
Country Blocker for AdSense plugin for WordPress allows attackers to change settings
CVE-2025-13413
The Country Blocker for AdSense plugin for WordPress is at risk because an attacker can trick an administrator into clicking on a malicious link, allowing them to change plugin settings. This can lead...
4.3
Shopire Theme for WordPress Can Install Malicious Plugins Without Permission
CVE-2025-13091
If you're using the Shopire theme for WordPress, an attacker with a basic account can install plugins without your permission. This could lead to your site being compromised or used for malicious acti...
4.3
Advanced Ads plugin for WordPress allows unauthorized ad changes
CVE-2025-12884
The Advanced Ads plugin for WordPress fails to properly check user permissions, allowing authorized users to make unauthorized changes to ad placements. This could allow attackers to change which ads ...
4.3
Mailchimp List Subscribe Form: Admins tricked into changing Mailchimp lists
CVE-2025-12172
The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to a type of attack that tricks site administrators into changing Mailchimp lists without their knowledge. This can happen if an at...
4.3
ACF Photo Gallery Field plugin on WordPress allows attackers to change media data
CVE-2025-12081
The ACF Photo Gallery Field plugin for WordPress has a security flaw that lets attackers with subscriber-level access or higher change the title, caption, and metadata of any media files. This could b...
4.3
Mesmerize Companion plugin for WordPress allows unauthorized modification of pages
CVE-2025-12027
An attacker with subscriber access can modify certain page settings on a WordPress website using the Mesmerize theme. This could lead to changes in page layout and content. Update the Mesmerize Compan...
4.3
Keycloak: Disabled Docker Clients Can Still Get Authentication Tokens
CVE-2026-2733
GHSA-fjf4-6f34-w64q
A security weakness in Keycloak's Docker authentication system allows clients to continue getting authentication tokens even after they've been disabled. This means that administrators can't fully con...
3.8
Real 3D FlipBook: Unauthorized Access to Content
CVE-2026-25423
A security weakness exists in Real 3D FlipBook versions 4.16.4 and earlier, potentially allowing unauthorized access to content. This means that if access controls are not properly set up, a user may ...
3.8
Cosign may accept expired intermediate certificates in some cases
CVE-2026-24122
GHSA-wfqv-66vq-46rm
A bug in Cosign can cause it to accept a signature from a certificate that has expired, but is still considered valid. This could happen if a company uses a custom certificate authority that issues ce...
3.7
Apache Hono: Insecure String Comparison in Authentication
GHSA-gq3j-xvxp-8hrf
A security update has been made to the Apache Hono authentication system to prevent potential timing attacks. This change ensures a safer comparison of sensitive data. It's recommended to update to th...
3.7
OpenClaw Allows Unintended File Access Through Safe-Bin Paths
GHSA-4685-c5cp-vp95
Using OpenClaw versions 2026.2.17 and earlier, an attacker can bypass security controls to read or write files on a system. This is a concern for deployments that use OpenClaw's safe-bin feature. To r...
3.6
Busy Server Application Allows Remote Redirect Attack
CVE-2026-2709
A security flaw in Busy up to version 2.5.5 can be exploited remotely, allowing an attacker to redirect users to a malicious website. This poses a risk to users who click on links or visit sites that ...
5.1
OpenClaw File Existence Handler information exposed locally if not updated
GHSA-6c9j-x93c-rw6j
A security issue in OpenClaw versions up to 2026.2.17 allows an attacker with local access to view sensitive information. To fix this, update to OpenClaw version 2026.2.19-beta.1 or patch the File Exi...
4.8
Beetel 777VR1 Wi-Fi Passwords Exposed
CVE-2026-2702
A security flaw in Beetel 777VR1 routers up to version 01.00.09 makes it possible for an attacker on the same local network to access hard-coded Wi-Fi passwords. This could allow unauthorized access t...
2.3
OneClick Chat to Order plugin for WordPress allows unauthorized access
CVE-2025-14270
The OneClick Chat to Order plugin for WordPress has a security flaw that allows attackers with certain access levels to change phone numbers used for customer orders and messages, potentially redirect...
2.7
Untrusted data can create unexpected objects with eval
GHSA-8qm3-746x-r74r
When untrusted data is passed to the uneval() function, it can produce code that creates objects with unexpected properties when evaluated. This can lead to unexpected behavior in the affected softwar...
2.1
Uneval and Stringify Can Crash devalue with Large Sparse Arrays
GHSA-33hq-fvwr-56pm
devalue's `uneval` and `stringify` functions can be exploited to cause a denial-of-service (DoS) on the server if a large sparse array is created and processed. This is difficult to achieve in the wil...
1.7
Rust `keccak` Crate May Cause Potential Future Errors on ARMv8
GHSA-3288-p39f-rqpv
A non-critical issue was fixed in the `keccak` crate, which may potentially cause problems in future versions of Rust. This affects users who use the ARMv8 assembly backend, but the impact is currentl...
0.5