2026-01-24 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | Exploitation / Automatable / Technical Impact | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2021-47888 | The Textpattern Development Team - Textpattern | Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter. | CVSS4.0: 8.7 - HIGH; CVSS3.1: 8.8 - HIGH | 0 1 2 3 | Exploitation: poc; Automatable: no; Technical Impact: total | Textpattern 4.8.3 - Remote code execution | github |
| CVE-2018-25116 | jamiesage123 - MyBB Thread Redirect Plugin | MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution. | CVSS4.0: 5.1 - MEDIUM; CVSS3.1: 6.1 - MEDIUM | 0 1 2 | Exploitation: poc; Automatable: no; Technical Impact: partial | MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting | github |
| CVE-2025-14866 | melapress - Melapress Role Editor | The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the ‘save_secondary_roles_field’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator. | CVSS3.1: 8.8 - HIGH | 0 1 2 3 | Exploitation: none; Automatable: no; Technical Impact: total | Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment | github |
This post is licensed under CC BY 4.0 by the author.