12 matches found

RedhatCVE
added 2025/04/06 4:35 p.m. · 6 views

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through = 2.9.0...

CVSS 8.8 · AI score 7.2 · EPSS 0.01855
Exploits 0 · References 1
Positive Technologies
added 2025/04/04 12:0 a.m. · 3 views

PT-2025-14937 · Unknown · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms versions n/a through 2.8.15 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...

CVSS 7.5 · AI score 7.9 · EPSS 0.01855
Exploits 0 · References 4
CNNVD
added 2025/02/22 12:0 a.m. · 2 views

WordPress plugin BuddyForms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

CVSS 6.4 · AI score 8.2 · EPSS 0.00114
Exploits 0 · References 3
Patchstack
added 2025/02/21 9:49 p.m. · 6 views

WordPress Frontend Content Forms for User Submissions (UGC) plugin <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions <= 2.8.15...

CVSS 6.4 · AI score 5.8 · EPSS 0.00114
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/12/10 6:15 a.m. · 11 views

CVE-2024-11107

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

CVSS 6.1 · EPSS 0.01677
Exploits 1 · References 1
Patchstack
added 2024/11/21 9:9 a.m. · 5 views

WordPress System Dashboard plugin < 2.8.15 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Dogus Demirkiran in WordPress Plugin System Dashboard versions < 2.8.15...

CVSS 6.1 · AI score 6.1 · EPSS 0.01677
Exploits 1 · References 1 · Affected Software 1
Patchstack
added 2024/11/21 12:0 a.m. · 7 views

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software: System Dashboard; Type: Plugin; Vulnerable versions: < 2.8.15; Fixed in: 2.8.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11107; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 948953d35f1c; Credits: Dogus Demirkiran...

AI score 5.9 · EPSS 0.01677
Exploits 1 · References 3 · Affected Software 1
Patchstack
added 2024/07/29 12:0 a.m. · 9 views

WordPress Campaign Monitor for WordPress Plugin <= 2.8.15 is vulnerable to Sensitive Data Exposure

Software: Campaign Monitor for WordPress; Type: Plugin; Vulnerable versions: <= 2.8.15; Fixed in: 2.8.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6569; Patch priority: Low; CVSS severity: Low 5.3; PSID: 63abfd042be5; Credits...

CVSS 5.3 · AI score 6.7 · EPSS 0.00866
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/07/27 12:0 a.m. · 2 views

WordPress plugin Campaign Monitor for WordPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.3 · AI score 6.4 · EPSS 0.00866
Exploits 0 · References 4
Positive Technologies
added 2024/07/27 12:0 a.m. · 3 views

PT-2024-37725 · WordPress · Campaign Monitor

Name of the Vulnerable Software and Affected Versions: Campaign Monitor for WordPress plugin for WordPress versions up to, and including, 2.8.15 Description: The issue is due to the plugin not properly restricting direct access to "/forms/views/admin/create.php" and display errors being enabled...

CVSS 5.3 · AI score 6.5 · EPSS 0.00866
Exploits 0 · References 6
CNNVD
added 2022/06/02 12:0 a.m. · 2 views

Lightbend Play Framework resource management error vulnerability

Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A resource management error vulnerability exists in Lightbend Play Framework versions 2.8.3 through 2.8.15, which results in a denial of service when using the FormbindFromRequest method on...

CVSS 7.5 · AI score 7.3 · EPSS 0.00506
Exploits 0 · References 5
Positive Technologies
added 2021/06/24 12:0 a.m. · 5 views

PT-2021-8091 · Unknown +6 · Ansible Engine +6

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions prior to 2.8.15 Description: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The...

CVSS 9.8 · AI score 7.3 · EPSS 0.94438
Exploits 56 · References 209