68 matches found
CVE-2026-1911
The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-1911
creationtimestamp | type | source
---|---|---
2025-03-26 12:26:11+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8835
2025-03-26 13:53:17+00:00 | seen | https://t.me/cvedetector/21167...
CVE-2025-1911 Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page function in all versions up to, and including, 2.5.0. This makes it possible for authenticated...
CVE-2023-1911
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscribers, to access draft posts for example...
CVE-2023-1911
Blocksy Companion (WordPress plugin by Creative Themes) before 1.8.82 contains an authorization flaw: posts accessible via a shortcode are not confirmed public, allowing any authenticated user (e.g., subscribers) to view draft content. This exposes draft posts to users who should not have access....
CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscribers, to access draft posts for example...
WordPress Blocksy Companion Plugin < 1.8.82 is vulnerable to Sensitive Data Exposure
Software: Blocksy Companion | Type: Plugin | Vulnerable versions: 1.8.82 | Fixed in: 1.8.82 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2023-1911 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Creative Themes | PSID: a9848e95cc61 | Credits: Erwan LR WPScan...
CVE-2022-1911
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system...
CVE-2022-1911 Information disclosure in M-Files Server
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system...
CVE-2022-1911
CVE-2022-1911 affects M-Files Server. The root cause is an error in a parser function that allows unauthenticated access to some information of the underlying operating system. Affected versions are before 22.6.11534.1 and before 22.6.11505.0. The CVSS 3.1 vector indicates Network access, no priv...
SUSE SLES15 Security Update : spice-gtk (SUSE-SU-2021:1911-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1911-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
CVE-2020-1911
CVE-2020-1911 concerns a type confusion in Facebook Hermes when resolving properties of JavaScript objects with specially-crafted prototype chains, prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da. The vulnerability could allow arbitrary code execution if untrusted JavaScript is evaluated...
CVE-2020-6178
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure...
Information disclosure
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure...
it-ausschreibung.de Cross Site Scripting vulnerability
Security Researcher metamorfosec (helped patch 1911 vulnerabilities, received 9 Coordinated Disclosure badges, received 31 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting it-ausschreibung.de website and its users. Following...