EUVD-2026-9525

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2026-3034

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...

PT-2026-23131

Name of the Vulnerable Software and Affected Versions OoohBoi Steroids for Elementor plugin for WordPress versions up to and including 2.1.24 Description The OoohBoi Steroids for Elementor plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with...

WordPress plugin OoohBoi Steroids for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2016-5493

Malware in sbrugna...

PT-2025-4713 · Unknown · Author Avatars List/Block

Name of the Vulnerable Software and Affected Versions: Author Avatars List/Block versions prior to 2.1.24 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables an attacker to...

elFinder Detection (HTTP)

HTTP based detection of elFinder. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113323";...

mobilejoomla, 2.1.24, malcious redirects

mobilejoomla,2.1.24, malicious redirects. google adsense file added that may redirect all sites adsense revenue to the developer. File is not deleted on removing extension. Developer statement Extension Update Details Previously the free version of the Mobile extension added a file called ads.txt...

TeamPass SQL Injection Vulnerability (CNVD-2017-06059)

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in several scripts in TeamPass 2.1.24 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user...

TeamPass SQL Injection Vulnerability

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in TeamPass versions 2.1.26, 2.1.25, and 2.1.24, which stems from the program failing to properly filter user-submitted input when constructing SQL query statements. An attacker could use this...

CVE-2016-4505

Resource Data Management RDM Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors...

TeamPass 2.1.24 - Multiple Vulnerabilities

Exploit for php platform in category web applications Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: :...

CVE-2013-4555

Cross-site request forgery CSRF vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors...

CVE-2013-4556

Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...

CVE-2013-4556

Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...

CVE-2013-4555

SPIP’s CSRF flaw CVE-2013-4555 affects action/logout.php in SPIP versions before 2.1.24. An attacker can hijack a user’s session by sending a logout request via unspecified vectors, enabling partial confidentiality/integrity/availability impact as described in the CVE entry. Multiple connected fe...

2021-01 .NET Core 2.1.24 Update for x86 Client

2021-01 .NET Core 2.1.24 Update for x86 Client...