44 matches found

Cvelist
added 2026/02/19 2:58 p.m. · 18 views

CVE-2025-71244 SPIP < 4.4.5 Open Redirect via Login Form

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

CVSS 6.1 · EPSS 0.00046
Exploits: 0 · References: 3
Debian CVE
added 2026/02/19 2:58 p.m. · 3 views

CVE-2025-71244

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

CVSS 6.1 · AI score 5.6 · EPSS 0.00046
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-2279

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 6.4 · EPSS 0.00756
Exploits: 1 · References: 4
NVD
added 2025/09/22 7:16 p.m. · 2 views

CVE-2025-58244

Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection. This issue affects Constructo: from n/a through <= 4.3.9...

CVSS 8.8 · EPSS 0.0002
Exploits: 0 · References: 1
Patchstack
added 2025/09/22 6:48 p.m. · 2 views

WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Constructo versions <= 4.3.9...

CVSS 8.8 · AI score 6.9 · EPSS 0.0002
Exploits: 0 · Affected Software: 1
Cvelist
added 2025/09/22 6:23 p.m. · 7 views

CVE-2025-58244 WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection. This issue affects Constructo: from n/a through <= 4.3.9...

CVSS 8.8 · EPSS 0.0002
Exploits: 0 · References: 1
CVE
added 2025/09/22 6:23 p.m. · 9 views

CVE-2025-58244

CVE-2025-58244 (Constructo) is a CSRF-related vulnerability in the Constructo WordPress theme that, per the provided documents, allows object injection. Affected software ranges to Constructo versions up to 4.3.9. The CVE description and related references (including Wordfence summaries) confirm ...

CVSS 8.8 · AI score 5.9 · EPSS 0.0002
Exploits: 0 · References: 1
Positive Technologies
added 2025/09/22 12:0 a.m. · 2 views

PT-2025-38908

Name of the Vulnerable Software and Affected Versions: Anps Constructo versions through 4.3.9 Description: Anps Constructo is susceptible to a Cross-Site Request Forgery (CSRF) issue that can lead to Object Injection. This allows an attacker to potentially manipulate the application by exploiting the...

CVSS 8.8 · AI score 6.6 · EPSS 0.0002
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/23 8:1 a.m. · 6 views

CVE-2024-37906

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the...

CVSS 9.9 · AI score 9.6 · EPSS 0.00756
Exploits: 1
RedhatCVE
added 2025/04/26 8:51 a.m. · 11 views

CVE-2025-3907

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

CVSS 4.3 · AI score 7 · EPSS 0.00219
Exploits: 0 · References: 3
OSV
added 2025/04/23 5:16 p.m. · 0 views

CVE-2025-3907

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 1
Cvelist
added 2025/04/23 5:8 p.m. · 14 views

CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...

EPSS 0.00219
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/23 12:0 a.m. · 1 views

PT-2025-17661 · Drupal · Drupal Search Api Solr

Name of the Vulnerable Software and Affected Versions: Drupal Search API Solr versions 0.0.0 through 4.3.8 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on behalf of another...

CVSS 4.3 · AI score 6.5 · EPSS 0.00219
Exploits: 0 · References: 5
Patchstack
added 2025/04/23 12:0 a.m. · 1 views

Drupal Search API Solr module < 4.3.9 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module Search API Solr versions < 4.3.9...

CVSS 4.3 · AI score 7 · EPSS 0.00219
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/11/01 12:0 a.m. · 3 views

WordPress plugin WP Social Feed Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 6.7 · EPSS 0.0013
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/01 12:0 a.m. · 1 views

PT-2024-28577 · WordPress · Wp Social Feed Gallery

Name of the Vulnerable Software and Affected Versions: WP Social Feed Gallery versions through 4.3.9 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through...

CVSS 6.5 · AI score 6.9 · EPSS 0.0013
Exploits: 0 · References: 3
Positive Technologies
added 2024/10/11 12:0 a.m. · 2 views

PT-2024-32960 · Unknown · Cm Tooltip Glossary

Name of the Vulnerable Software and Affected Versions: CM Tooltip Glossary versions through 4.3.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...

CVSS 6.5 · AI score 5.6 · EPSS 0.00321
Exploits: 0 · References: 3
Patchstack
added 2024/10/09 10:33 a.m. · 2 views

WordPress CM Tooltip Glossary plugin <= 4.3.9 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Robert DeVore (Patchstack Alliance) in WordPress Plugin CM Tooltip Glossary versions <= 4.3.9...

CVSS 6.5 · AI score 5.8 · EPSS 0.00321
Exploits: 0 · Affected Software: 1
OSV
added 2024/09/13 4:48 p.m. · 15 views

RHBA-2020:1310 Red Hat Bug Fix Advisory: Red Hat Virtualization Host (redhat-virtualization-host) 4.3.9 async

Bulletin has no description...

CVSS 6.5 · AI score 6.1 · EPSS 0.20012
Exploits: 0 · References: 11
CVE
added 2024/07/29 2:22 p.m. · 54 views

CVE-2024-37906

Admidio has a Blind SQL Injection in ecards/ecard_send.php affecting versions prior to 4.3.9. The vulnerability arises from directly concatenating the POST parameter ecard_recipients into the SQL query, allowing a member to trigger time-based, condition-based, or out-of-band payloads to compromis...

CVSS 9.9 · AI score 9.8 · EPSS 0.00756
Exploits: 1 · References: 2 · Affected Software: 1