CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_title', 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...
CVE-2025-1802
CVE-2025-1802 (HT Mega – Absolute Addons For Elementor, WordPress): Stored Cross-Site Scripting via the marker_title, notification_content, and stt_button_text parameters affects all versions up to and including 2.8.3. Root cause is insufficient input sanitization and output escaping. This enabl...
WordPress plugin HT Mega cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-28746
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc. from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to versi...
VulnCheck KEV: CVE-2024-32735
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
CVE-2024-54384
Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3...
WordPress plugin Falcon security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-11827 Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Out of the Block: OpenStreetMap cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Falcon – WordPress Optimizations & Tweaks versions <= 2.8.3...
CVE-2024-53261
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files...
CVE-2024-53261 Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files...
CVE-2024-53262
CVE-2024-53262 affects SvelteKit where the static error.html template renders placeholders for HTTP status and error.message without escaping. This can allow an attacker-provided error.message to inject content into the error page, yielding a template XSS risk for applications that include user i...
CVE-2024-53262 Unescaped error message included on error page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contai...
SvelteKit cross-site scripting vulnerability
SvelteKit is an open source web development framework from Svelte. A cross-site scripting vulnerability exists in SvelteKit versions prior to 2.8.3, which stems from an injection flaw that occurs when replacing placeholders without first escaping the content...
SvelteKit cross-site scripting vulnerability
SvelteKit is an open source web development framework from Svelte. A cross-site scripting vulnerability exists in SvelteKit versions prior to 2.8.3, which stems from the presence of unsanitized input data and user-controllable data flow in a particular file, making it susceptible to cross-site...
PT-2024-35699 · Sveltekit · Sveltekit
Name of the Vulnerable Software and Affected Versions: SvelteKit versions prior to 2.8.3
Description: Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS). The files...
CVE-2024-9105
CVE-2024-9105 — UltimateAI WordPress plugin authentication bypass. The UltimateAI plugin for WordPress (Ultimate AI) is vulnerable to an authentication bypass in versions up to 2.8.3. The root cause is insufficient verification on the user parameter in the function ultimate_ai_register_or_login_wi...
PT-2024-39433 · WordPress · Ultimateai
Name of the Vulnerable Software and Affected Versions: The UltimateAI plugin for WordPress versions up to, and including, 2.8.3
Description: The issue is due to insufficient verification on the user being supplied in the ultimate ai register or login with google function. This makes it possible f...
CVE-2024-43395
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...