220 matches found
WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Restaurant & Cafe Addon for Elementor versions = 1.5.8...
WordPress RevivePress – Keep your Old Content Evergreen plugin <= 1.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin RevivePress versions = 1.5.8...
CVE-2026-2429
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...
EUVD-2026-10099
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...
WordPress Community Events plugin <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability
Authenticated Administrator+ SQL Injection via 'cevenuename' CSV Field vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.8...
CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...
CVE-2026-2429
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...
CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...
PT-2026-23814
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce venue name' CSV field in the on save changes venues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on t...
WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability
Unauthenticated Stored Cross-Site Scripting via arfhttpreferrerurl vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions = 1.5.8...
CVE-2025-70073
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...
CVE-2025-70073
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...
EUVD-2025-206857
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...
CVE-2025-70073
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...
CVE-2025-70073
Summary: CVE-2025-70073 affects ChestnutCMS versions prior to 1.5.9. The issue enables a remote attacker to execute arbitrary code through the template creation function. The provided sources explicitly describe vulnerable software versions (ChestnutCMS v1.5.8 and earlier) and cite a template cre...
ChestnutCMS 安全漏洞
ChestnutCMS is an enterprise-level content management system developed by Liweiyi, featuring a separation between the front-end and back-end components. Versions of ChestnutCMS prior to v1.5.8 contained security vulnerabilities; these vulnerabilities stemmed from the template creation feature,...
CVE-2025-70073
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...
BrowserStack Local vulnerable to Command Injection through logfile variable
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
CVE-2025-57283
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
Node.js security vulnerabilities
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Version 1.5.8 of Node.js contains a security vulnerability caused by improper cleanup of the logfile variable, which may lead to command injection attacks...