CVE-2026-1000
Published 2026-01-16
Priority: P339 · Severity: medium · CVSS 3.1 base score: 6.5
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.28% (19.9th percentile)
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's integration settings, delete all plugin options, and drop the plugin's database tables (woo_mailerlite_carts and woo_mailerlite_jobs), resulting in complete loss of plugin data including customer abandoned cart information and sync job history.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mailerlite | mailerlite_woocommerce_integration | <= 3.1.3 | — |
CVSS provenance
NVD (v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
vendor_redhat: 7.8 HIGH
GHSA
GHSA-m645-96c9-mxrv (ghsa_unreviewed, 2026-01-16): CVE-2026-1000, MEDIUM, CWE-862 (Missing Authorization). The advisory text is identical to the NVD description above.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1000 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz, listed there as CVSS 9.8 CRITICAL)
## CVE-2026-1000: WordPress vulnerability analysis and mitigation
Source: NVD (description identical to the NVD text above)
Score: 6.5 (CNA score 6.5) · Severity: MEDIUM · Published January 16, 2026
Affected technologies: WordPress
References
- https://plugins.trac.wordpress.org/browser/woo-mailerlite/tags/3.1.3/admin/controllers/WooMailerLiteAdminSettingsController.php#L231
- https://plugins.trac.wordpress.org/browser/woo-mailerlite/tags/3.1.3/includes/WooMailerLite.php#L127
- https://plugins.trac.wordpress.org/browser/woo-mailerlite/tags/3.1.3/includes/migrations/WooMailerLiteMigration.php#L33
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3415073%40woo-mailerlite%2Ftrunk&old=3399626%40woo-mailerlite%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e20deec4-f40c-4bd3-91f7-6a9d643a5520?source=cve
Published: 2026-01-16