47 matches found
MiracleLinux 7 : libxslt-1.1.28-6.0.3.el7.AXS7 (AXSA:2025-9905:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9905:06 advisory. CVE-2024-55549: fix use-after-free issue related to exclusion of result prefixes. CVEs: CVE-2024-55549. xsltGetInheritedNsList in libxslt before 1.1.43 has a...
WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin CubeWP versions <= 1.1.27...
WordPress Hydra Booking plugin <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass vulnerability
Missing Payment Verification to Unauthenticated Payment Bypass vulnerability discovered by Ahmad Salem a7mad.cc in WordPress Plugin Hydra Booking versions <= 1.1.27...
WordPress Hydra Booking plugin <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation vulnerability
Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation vulnerability discovered by Ahmad Salem a7mad.cc in WordPress Plugin Hydra Booking versions <= 1.1.27...
PT-2025-46323
Name of the Vulnerable Software and Affected Versions: Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress versions prior to 1.1.28. Description: The Hydra Booking plugin for WordPress has a flaw where payment verification is absent, allowing unauthenticated users to bypas...
PT-2025-46322
Name of the Vulnerable Software and Affected Versions: Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress versions prior to 1.1.28. Description: The Hydra Booking plugin for WordPress is susceptible to unauthorized booking cancellations. This is caused by the use of...
CVE-2025-49963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS. This issue affects Simple Stripe Checkout: from n/a through <= 1.1.28...
EUVD-2025-35498
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS. This issue affects Simple Stripe Checkout: from n/a through <= 1.1.28...
WordPress plugin Simple Stripe Checkout Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A cross-site scriptin...
PT-2025-43224
Name of the Vulnerable Software and Affected Versions: growniche Simple Stripe Checkout versions through 1.1.28. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows an...
CLSA-2025-1761056432 Update of libxslt
Bump version to 1.1.28-6.0.3.tuxcare.els1...
EUVD-2015-7891
Malware in sbrugna...
EUVD-2025-9141
Malicious code in bioql PyPI...
WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe Checkout versions <= 1.1.28...
CVE-2025-49251 WordPress Fana theme <= 1.1.28 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through <= 1.1.28...
CVE-2025-49251
CVE-2025-49251 is a Local File Inclusion vulnerability in the WordPress theme thembay Fana (versions up to 1.1.28) caused by improper control of include/require filenames in PHP. The issue enables PHP Local File Inclusion. Affected software is the thembay ...
WordPress Fana theme <= 1.1.28 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Fana versions <= 1.1.28...
WordPress Fana Theme <= 1.1.28 is vulnerable to Local File Inclusion
Software: Fana; Type: Theme; Vulnerable versions: <= 1.1.28; Fixed in: 1.1.29; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49251; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: ee30ced0791e; Credits: Phat RiO - BlueRock; Required privilege...
CVE-2023-0371
The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Amazon Linux AMI : libxslt (ALAS-2025-1968)
The version of libxslt installed on the remote host is prior to 1.1.28-6.16. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1968 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...