1366 matches found
PT-2026-2843
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
MiracleLinux 4 : spice-xpi-2.4-1.AXS4.2 (AXSA:2011-154:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2011-154:01 advisory. SPICE extension for mozilla allows the client to be used from a web browser. Security issues fixed with this release: CVE-2011-0012 CVE-2011-1179 No...
WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vivagh versions = 2.4...
OPENSUSE-SU-2026:10041-1 libsoup-2_4-1-2.74.3-14.1 on GA media
These are all security issues fixed in the libsoup-24-1-2.74.3-14.1 package on the GA media of openSUSE Tumbleweed...
MiracleLinux 7 : httpd-2.4.6-99.1.0.10.el7.AXS7 (AXSA:2025-10901:08)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10901:08 advisory. CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files...
CVE-2023-31576
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file...
CVE-2021-41920
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...
CVE-2019-2735
Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace...
CVE-2019-11814
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
CVE-2025-23816
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4...
CVE-2025-14122
The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2023-25999
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a...
CVE-2025-67004
Disputed An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is n...
CVE-2025-67004
CouchCMS 2.4 has a reported information-disclosure vulnerability where an Admin can read arbitrary files via directory traversal. Affected component/condition: CouchCMS 2.4; impact is confidentiality (C:H) with no impact on integrity or availability per sources. Root cause is described as a direc...
CVE-2025-67004
Disputed An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is n...
PT-2026-1868
Name of the Vulnerable Software and Affected Versions CouchCMS version 2.4 Description An information disclosure issue exists in CouchCMS version 2.4. An administrator user can potentially read arbitrary files by traversing directories. This could lead to the disclosure of source code or other...
CVE-2025-67935
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...
CVE-2025-67935
CVE-2025-67935 relates to the Mikado-Themes Optimize/optimizewp WordPress theme. The issue is Local File Inclusion via Improper Control of Filename for Include/Require in PHP, enabling an attacker to include local PHP files. Affected: Optimize theme versions before 2.4. Impact is consistent with ...
WordPress plugin Optimize 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...