CVE-2026-56071

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

EUVD-2026-39384

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

CVE-2026-56071

CVE-2026-56071 affects WordPress Forminator plugin versions

CVE-2025-9988

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-9989

CVE-2025-9989 – Broadstreet WordPress plugin : The vulnerability affects Broadstreet plugin versions

CVE-2025-9987

The Broadstreet WordPress plugin (versions

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVE-2025-9987 Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

EUVD-2025-209819

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

CVE-2025-9988 Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

PT-2026-40559

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

WordPress plugin Broadstreet 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-11461

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...

CVE-2025-11461 Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...

Frappe CRM SQL注入漏洞

Frappe CRM is a full-featured customer relationship management system from Frappe Open Source. A SQL injection vulnerability exists in Frappe CRM version 1.53.1, which stems from a user control parameter that is insecurely linked to a dynamic SQL statement, which could lead to a SQL injection...

Denial of Service (DoS)

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Denial of Service DoS through the use of ast.literaleval to parse user input. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

CVE-2024-30247

NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with...