34 matches found
CVE-2026-3875
The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...
SailingLab AppLock Security Vulnerability
SailingLab AppLock is a mobile application privacy protection tool developed by SailingLab. It supports features such as app locking, PIN verification, and fingerprint unlocking. Version 4.3.8 of SailingLab AppLock contains a security vulnerability. This vulnerability stems from the...
CVE-2025-68708
SailingLab AppLock (com.alpha.applock) v4.3.8 for Android is affected by an overlay-based lock that bypasses PIN verification when an attacker with physical access navigates insecure, exposed routes via ads or browser intents. The root cause is the lock implementation not using Android’s secure a...
WordPress BetterDocs plugin <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BetterDocs versions <= 4.3.8...
PT-2026-2410
Name of the Vulnerable Software and Affected Versions Wing FTP Server versions 4.3.8 and below Description The software contains a remote code execution issue that allows attackers to execute arbitrary PowerShell commands. An attacker can leverage a crafted Lua script payload, base64-encoded with...
PT-2026-1760
Name of the Vulnerable Software and Affected Versions miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress versions through 4.3.8 Description The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is subject to unauthorized data...
EUVD-2025-26976
Malicious code in bioql PyPI...
WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Responder versions <= 4.3.8...
PT-2025-36141
Name of the Vulnerable Software and Affected Versions: KCS Responder versions through 4.3.8 Description: KCS Responder is susceptible to a Cross-Site Request Forgery (CSRF) issue, which allows attackers to perform actions on behalf of authenticated users. Recommendations: Versions prior to 4.3.9 ar...
Moodle < 4.1.14 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...
RHSA-2020:0928 Red Hat Security Advisory: OpenShift Container Platform 4.3.8 openshift-clients security update
Bulletin has no description...
CVE-2023-6882
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Cross site scripting
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-6882 Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting Vulnerability via environment_mode
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin Simple Membership cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-26104 · Emqx · Emqx +1
Name of the Vulnerable Software and Affected Versions: EMQX version 4.3.8 Description: An issue in the emqx sn plugin allows attackers to execute a directory traversal via uploading a crafted .txt file. Recommendations: For EMQX version 4.3.8, consider restricting access to the emqx sn plugin unt...
@alioth_91/alita (>=3.3.9-patch.1 <=3.3.9-patch.2), @alitajs/vue-i18n (>=0.0.7 <=0.0.8) +98 more potentially affected by CVE-2023-34092 via vite (>=4.3.0 <=4.3.8)
vite NPM version =4.3.0, =3.3.9-patch.1, =0.0.7, =0.0.7, =0.0.7, =0.0.7, =0.0.7, =0.0.1, =0.0.1, =16.0.0, =2.0.0, =12.0.0, =0.0.0-canary-20230426131112, =0.0.1, =0.0.12 - @deconz-community/directus-extension-ddf-store =0.1.0 and more Source cves: CVE-2023-34092 Source advisory:...
Eclipse Vertx-web Path Traversal Vulnerability
Eclipse Vertx-web is an Eclipse Foundation framework for building web applications. A path traversal vulnerability exists in Eclipse Vertx-web versions prior to 4.3.8, which stems from the fact that an attacker can disclose any class path resource if the mount point is a wildcard...
CVE-2022-30279
An issue was discovered in Stormshield Network Security SNS 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a...
CVE-2022-0747
The Infographic Maker plugin for WordPress (iList) up to version 4.3.7 is vulnerable to unauthenticated SQL Injection via the qcld_upvote_action AJAX path. The root cause is failure to validate and escape the post_id parameter before it is used in an SQL statement, enabling unauthenticated users ...