17 matches found
CVE-2025-14446
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-203200
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14446
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14446 Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
Linux Distros Unpatched Vulnerability : CVE-2018-10061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag; these calls occur when the html_escape function in...
Linux Distros Unpatched Vulnerability : CVE-2018-10060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php...
OPENSUSE-SU-2024:12423-1 libexslt0-1.1.37-1.1 on GA media
These are all security issues fixed in the libexslt0-1.1.37-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2024-4050 · Grafana · Grafana Oncall
Name of the Vulnerable Software and Affected Versions: Grafana OnCall versions 1.1.37 through 1.5.1. Description: The issue is related to insufficient validation of incoming requests in the webhook functionality of Grafana OnCall, which can allow a remote attacker to perform a Server Side Request...
WordPress Magical Addons For Elementor plugin <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget vulnerability discovered by João G. Barbosa (4rCanJ0x!) in WordPress Plugin Magical Addons For Elementor versions <= 1.1.37...
WordPress Magical Addons For Elementor Plugin <= 1.1.37 is vulnerable to Cross Site Scripting (XSS)
Software: Magical Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.1.37; Fixed in: 1.1.38; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2923; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8f23618a4eb9; Credits: João G...
WordPress plugin Magical Addons For Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-22825 · WordPress · Magical Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Magical Addons For Elementor plugin versions up to, and including, 1.1.37. Description: The issue is related to Stored Cross-Site Scripting via the plugin's text effect widget due to insufficient input sanitization and output escaping on...
Cacti cross-site scripting vulnerability (CNVD-2018-08679)
Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A cross-site scripting vulnerability exists in the sanitize_uri function in versions of Cacti prior to 1.1.37, which can lead to cross-site scripting attacks...
Design/Logic Flaw
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag; these calls occur when the html_escape function in lib/html.php is not used...
CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag; these calls occur when the html_escape function in lib/html.php is not used...
UBUNTU-CVE-2018-10060
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php...
DEBIAN-CVE-2018-10060
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php...