CVE-2026-15302: CWE-36 Absolute Path Traversal in reputeinfosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
The ARMember WordPress plugin is vulnerable to an absolute path traversal vulnerability via the 'X-FILENAME' HTTP header in all versions up to and including 4.0.27. This vulnerability allows…
Read the full articleYou might also wanna read
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

WAF - WAF Release - 2026-07-01
This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:U

WAF - WAF Release - 2025-06-16
This week’s roundup highlights multiple critical vulnerabilities across popular web frameworks, plugins, and enterprise platforms. The focus
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

Comments
Sign in to join the conversation.
No comments yet. Be the first.