888 matches found
WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LIM MINHYOEK in WordPress Plugin Gift Hunt versions = 2.0.2...
PT-2025-53247
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through = 2.0.2...
WordPress Live Composer – Free WordPress Website Builder plugin <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Page Builder: Live Composer versions = 2.0.2...
CVE-2025-14119
CVE-2025-14119 applies to App Landing Template Blocks for WPBakery Page Builder (Visual Composer) for WordPress. It describes a stored Cross-Site Scripting vulnerability via the atvc_video_play shortcode attributes, affecting all versions up to and including 2.0.2. The issue requires an authentic...
WordPress plugin App Landing Template Blocks for WPBakery (Visual Composer) Page Builder 跨站脚本漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2025-62738
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...
WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Scroller versions = 2.0.2...
All-Dynamics Digital Signage System 跨站请求伪造漏洞
All-Dynamics Digital Signage System is a fully dynamic digital signage system from All-Dynamics, Germany. A cross-site request forgery vulnerability exists in All-Dynamics Digital Signage System version 2.0.2, which stems from a lack of request validation and could lead to a cross-site request...
EUVD-2025-202022
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...
CVE-2022-46845 WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3...
CVE-2025-62738 WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...
WordPress plugin Formstack Online Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
PT-2025-50007
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...
CVE-2025-20373
CVE-2025-20373 affects the Splunk Add-on for Palo Alto Networks (versions below 2.0.2). The issue is that client secrets are exposed in plaintext in the _internal index during the addition of new “Data Security Accounts.” Exploitation would require local access to log files or administrative acce...
WordPress Coil Web Monetization plugin <= 2.0.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Sandeep Kambhampati in WordPress Plugin Coil Web Monetization versions = 2.0.2...
Advantech DeviceOn/iEdge 路径遍历漏洞
Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...
CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...
CVE-2025-62796
CVE-2025-62796 concerns PrivateBin where Versions 1.7.7–2.0.1 allow persistent HTML injection via the unsanitized attachment_name when attachments are enabled. An attacker can modify the filename before encryption, causing unescaped HTML to be inserted near the file size hint after decryption, en...
EUVD-2025-36556
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...
CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...