WordPress Automatic YouTube Gallery plugin <= 2.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Automatic YouTube Gallery versions = 2.5.5...

CVE-2025-69370 WordPress Capella theme <= 2.5.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through = 2.5.5...

CVE-2026-2709

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

PT-2026-21151

Name of the Vulnerable Software and Affected Versions ThemeGoods Capella versions through 2.5.5 Description A flaw exists in ThemeGoods Capella that allows for object injection due to deserialization of untrusted data. This can lead to unauthorized code execution. Recommendations Update to a...

CVE-2026-25428 WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through = 2.5.5...

CVE-2026-2709

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

CVE-2026-2709 busy Callback app.js redirect

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

Busy 输入验证错误漏洞

Busy is a social networking system developed by Busy Open Source. Versions of Busy 2.5.5 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the state parameter in the file source-code/busy-master/src/server/app.js, which...

WordPress plugin TS Poll 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Capella theme <= 2.5.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Capella versions = 2.5.5...

WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Jakub Herman in WordPress Plugin TS Poll versions = 2.5.5...

CVE-2009-4780

Multiple cross-site scripting XSS vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter in a sitemap action, 2 the search parameter in a search action, 3 the taggingid parameter in a search action, 4 the...

CVE-2025-14013

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVE-2025-12585

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

PT-2025-49104

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. Th...

CVE-2025-12585

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

EUVD-2025-200727

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

CVE-2025-12585 MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...