
24 matches found

RedhatCVE
added 2026/02/19 7:28 a.m. · 5 views

CVE-2026-1304

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 4.4 · AI score 5.7 · EPSS 0.00036
Exploits 0 · References 1
NVD
added 2026/02/18 6:16 a.m. · 5 views

CVE-2026-1304

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 4.4 · EPSS 0.00036
Exploits 0 · References 12
Positive Technologies
added 2026/02/18 12:0 a.m. · 4 views

PT-2026-20275

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 4.4 · AI score 5.7 · EPSS 0.00036
Exploits 0 · References 13
CNNVD
added 2026/02/18 12:0 a.m. · 3 views

WordPress plugin Membership Plugin – Restrict Content for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.4 · AI score 5.6 · EPSS 0.00036
Exploits 0 · References 12
Tenable Nessus
added 2026/01/07 12:0 a.m. · 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000165 advisory. An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs e.g., an excessi...

CVSS 7.5 · AI score 6.4 · EPSS 0.19669
Exploits 0 · References 4
EUVD
added 2025/12/30 3:30 p.m. · 3 views

EUVD-2025-205774

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

CVSS 4.3 · AI score 4.7 · EPSS 0.00034
Exploits 0 · References 5
CVE
added 2025/12/30 12:22 p.m. · 8 views

CVE-2025-14426

The CVE-2025-14426 entry affects the Strong Testimonials WordPress plugin (all versions up to 3.2.18). Root cause: a missing capability check in the edit_rating function allows authenticated attackers with Contributor level access or higher to modify or delete rating meta on any testimonial post,...

CVSS 4.3 · AI score 4.8 · EPSS 0.00034
Exploits 0 · References 4
CNNVD
added 2025/12/30 12:0 a.m. · 1 views

WordPress plugin Strong Testimonials Security Vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 · AI score 6.3 · EPSS 0.00034
Exploits 0 · References 4
RedhatCVE
added 2025/05/22 7:24 p.m. · 7 views

CVE-2021-24927

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

CVSS 5.4 · AI score 6 · EPSS 0.00368
Exploits 2 · References 1
CNNVD
added 2024/05/06 12:0 a.m. · 2 views

WordPress plugin Robo Gallery Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 5.3 · AI score 6 · EPSS 0.00366
Exploits 0 · References 2
Positive Technologies
added 2024/05/06 12:0 a.m. · 3 views

PT-2024-25842 · Unknown · Robo Gallery

Name of the Vulnerable Software and Affected Versions: Robo Gallery versions 3.2.18 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access t...

CVSS 5.3 · AI score 6.3 · EPSS 0.00366
Exploits 0 · References 4
Patchstack
added 2024/05/03 12:0 a.m. · 11 views

WordPress Robo Gallery Plugin <= 3.2.18 is vulnerable to Sensitive Data Exposure

Software Robo Gallery Type Plugin Vulnerable versions = 3.2.18 Fixed in 3.2.19 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-34382 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fc1d04a11044 Credits Peng Zhou Required privilege...

CVSS 5.3 · AI score 6.5 · EPSS 0.00366
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/01/17 12:0 a.m. · 13 views

WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS)

Software Robo Gallery Type Plugin Vulnerable versions = 3.2.17 Fixed in 3.2.18 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22295 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29d8208eb109 Credits Bryan Satyamulya Required privilege...

CVSS 5.9 · AI score 6.5 · EPSS 0.00051
Exploits 0 · References 2 · Affected Software 1
ALT Linux
added 2023/03/31 12:0 a.m. · 37 views

Security fix for the ALT Linux 10 package python3-module-django version 3.2.18-alt1

3.2.18-alt1 built March 31, 2023 Alexey Shabalin in task 317508 March 24, 2023 Alexey Shabalin - New version 3.2.18. - Fixes for the following security vulnerabilities: + CVE-2023-23969 Potential denial-of-service via Accept-Language headers + CVE-2023-24580 Potential denial-of-service...

AI score 7.7 · EPSS 0.19669
Exploits 0
Fedora
added 2023/03/05 1:38 a.m. · 45 views

[SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVSS 7.5 · AI score 7.6 · EPSS 0.19669
Exploits 0
OpenVAS
added 2023/03/02 12:0 a.m. · 748 views

SPIP 3.2.x < 3.2.18, 4.x < 4.0.10, 4.1.x < 4.1.8, 4.2.x < 4.2.1 RCE Vulnerability

SPIP is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip";...

CVSS 9.8 · AI score 9.6 · EPSS 0.9312
Exploits 23 · References 3
OSV
added 2023/02/28 8:15 p.m. · 3 views

DEBIAN-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 · AI score 8.7 · EPSS 0.9312
Exploits 23 · References 1
SUSE CVE
added 2023/02/15 4:54 a.m. · 3 views

SUSE CVE-2016-9878

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks...

CVSS 7.5 · AI score 8.7 · EPSS 0.04927
Exploits 0 · References 3
Debian
added 2022/05/16 2:52 p.m. · 15 views

[SECURITY] [DLA 3010-1] ffmpeg security update

Debian LTS Advisory DLA-3010-1 [email protected] https://www.debian.org/lts/security/ Enrico Zini May 16, 2022 https://wiki.debian.org/LTS Package : ffmpeg Version : 7:3.2.18-0+deb9u1 The ffmpeg project released the new version 3.2.18 with fixes for various issues found by the OSS-Fuzz...

AI score 5.8
Exploits 0
wpexploit
added 2021/11/01 12:0 a.m. · 507 views

My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

CVSS 5.4 · AI score 5.3 · EPSS 0.00368
Exploits 2