35 matches found
WordPress WPeMatico RSS Feed Fetcher plugin < 2.8.13 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin WPeMatico RSS Feed Fetcher versions < 2.8.13...
CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
WordPress W3 Total Cache plugin < 2.8.13 - Unauthenticated Command Injection vulnerability
Unauthenticated Command Injection vulnerability discovered by wcraft in WordPress Plugin W3 Total Cache versions < 2.8.13...
CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
EUVD-2022-48990
Malicious code in bioql PyPI...
CVE-2023-22468
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 stable, 3.0.0.beta16 beta and 3.0.0beta16 tests-passed, are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with...
Arbitrary File Upload
Overview showdoc/showdoc is a tool for an IT team to share documents online. Affected versions of this package are vulnerable to Arbitrary File Upload due to the uploadImg method in the PageController class, which improperly validates file extensions. An attacker can execute arbitrary code by...
SUSE CVE-2025-23388
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...
WordPress BuddyForms plugin <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions <= 2.8.13...
WordPress plugin Post Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.12; Fixed in: 2.8.13; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47377; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 9418faef5fbf; Credits: SOPROBRO; Required privilege: Editor...
Argo CD Security Vulnerability
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g. configuration in the Git repository), automatically synchronizing and deploying...
PT-2024-2260 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.8.13; Argo CD versions prior to 2.9.9; Argo CD versions prior to 2.10.4. Description: The issue is related to the mechanism of caching in Argo CD, which is a declarative, GitOps continuous delivery tool for Kubernetes...
PT-2024-2261 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.8.13; Argo CD versions prior to 2.9.9; Argo CD versions prior to 2.10.4. Description: The issue arises from a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness,...
WordPress Campaign Monitor for WordPress Plugin <= 2.8.13 is vulnerable to Cross Site Scripting (XSS)
Software: Campaign Monitor for WordPress; Type: Plugin; Vulnerable versions: <= 2.8.13; Fixed in: 2.8.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-38474; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 625473050b18; Credits: Phd; Required...
NodeBB 2.x < 2.8.13, 3.x < 3.1.3 Information Disclosure Vulnerability
NodeBB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodebb:nodebb";...
PT-2023-21763 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 2.8.13; NodeBB versions prior to 3.1.3. Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. This allows certain user information to be...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A cross-site scripting vulnerability exists in Discourse versions prior to 2.8.13 stable, 3.0.0.beta16 beta, and 3.0.0beta16 tested. An attacker could exploit this...
Discourse < 2.8.13 Information Disclosure Vulnerability
Discourse is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2022-46150
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...