263 matches found
CVE-2025-63013 WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through = 2.2.7...
CVE-2025-63013
CVE-2025-63013 affects the WordPress WP Hotel Booking plugin (wp-hotel-booking) versions up to and including 2.2.7. The documented issue is exposure of sensitive system information and the ability to retrieve embedded sensitive data, indicating a data-access exposure vulnerability. The root cause...
CVE-2025-63011 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-67527 WordPress Digiqole theme < 2.2.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue affects Digiqole: from n/a through 2.2.7...
PT-2025-49903
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue affects Digiqole: from n/a through 2.2.7...
CVE-2025-11987 Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11987
CVE-2025-11987 — Visual Link Preview (WordPress) is a stored cross-site scripting vulnerability in the Visual Link Preview plugin for WordPress, exploitable via the plugin’s visual-link-preview shortcode. Affected versions are up to and including 2.2.7, where insufficient input sanitization and o...
WordPress Visual Link Preview plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via visual-link-preview Shortcode vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Visual Link Preview versions = 2.2.7...
EUVD-2025-34758
Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...
CVE-2025-61540
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...
CVE-2025-61540
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...
Ultimate PHP Board 安全漏洞
Ultimate PHP Board is a message board software from PHP Outburst open source. A security vulnerability exists in Ultimate PHP Board version 2.2.7, which stems from an unvalidated username field in lostpassword.php and could lead to a SQL injection attack...
CVE-2025-61540
CVE-2025-61540 : The Red Hat, NVD, OSV, EUVD, NVD (and other) records all describe a SQL injection in Ultimate PHP Board version 2.2.7, exploitable via the username field in lostpassword.php. The underlying issue is an unvalidated/unsafely assembled username input leading to SQL injection, with C...
EUVD-2018-2164
Malware in sbrugna...
EUVD-2018-0655
Malware in sbrugna...
EUVD-2018-10006
Malware in sbrugna...
EUVD-2018-10005
Malware in sbrugna...
EUVD-2018-2115
Malware in sbrugna...
EUVD-2018-9153
Malware in sbrugna...
EUVD-2009-2422
Malware in sbrugna...