26 matches found
CVE-2026-49045
The CVE-2026-49045 entry concerns the WordPress Adminimize plugin (versions up to 1.11.11). Affected component: Adminimize’s access control logic, with a Missing Authorization / Broken Access Control vulnerability. Root cause: improperly configured access control security levels that allow exploi...
CVE-2026-49045 WordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11...
PT-2026-43258
Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description This issue is a PHP object injection resulting from the deserialization of untrusted data. Unauthenticated attackers can achieve remote code execution by...
📄 Pterodactyl Panel Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Pterodactyl Panel versions before 1.11.11. The vulnerability allows an attacker to write a malicious PHP file via the locale functionality and then execute it to gain a reverse shell...
Exploit for CVE-2025-49132
CVE-2025-49132 PoC Pterodactyl Panel 1.11.11 - Remote Code Exe...
SUSE CVE-2025-68954
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to...
CVE-2025-68954
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to...
CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...
CVE-2025-69197
Pterodactyl Panel (versions
Pterodactyl Code Issue Vulnerability
Pterodactyl is an open source game server administration panel built using PHP, Nodejs and Go. A code issue vulnerability exists in Pterodactyl version 1.11.11 and earlier that stems from an active SFTP connection not being revoked when a user is removed from a server instance or their SFTP file...
📄 Pterodactyl Panel Remote Code Execution
Pterodactyl Panel versions prior to 1.11.11 suffer from a remote code execution vulnerability. Exploit Title: Pterodactyl Panel 1.11.11 - Remote Code Execution RCE Date: 22/06/2025 Exploit Author: Zen-kun04 Vendor Homepage: https://pterodactyl.io/ Software Link:...
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...
CVE-2024-31269
Cross-Site Request Forgery CSRF vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11...
WordPress Plugin Easy Google Maps Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-23913 · Unknown · Supsystic Easy Google Maps
Name of the Vulnerable Software and Affected Versions: Supsystic Easy Google Maps versions 1.11.11 and earlier Description: A Cross-Site Request Forgery CSRF issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application th...
WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Easy Google Maps versions = 1.11.11...
CVE-2023-36686
Unauth. Reflected Cross-Site Scripting XSS vulnerability in CartFlows Pro plugin = 1.11.11 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in CartFlows Pro plugin = 1.11.11 versions...
PT-2023-25679 · WordPress · Cartflows Pro
Name of the Vulnerable Software and Affected Versions: CartFlows Pro plugin versions = 1.11.11 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially...
WordPress plugin CartFlows Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...