PT-2026-42103

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp localize script in post editor contexts without effective masking fo...

WordPress All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by 0x61626390 in WordPress Plugin All In One SEO Pack versions = 4.9.7...

EUVD-2024-36515

Malicious code in bioql PyPI...

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVE-2024-37227

Cross Site Request Forgery CSRF vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7...

CVE-2021-35522

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets...

WordPress plugin WP All Import Pro 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

PT-2025-5988 · WordPress · Wp All Import Pro

Name of the Vulnerable Software and Affected Versions: WP All Import Pro versions up to and including 4.9.7 Description: The issue is related to cross-site request forgery due to missing nonce validation in the delete and edit function. This allows unauthenticated attackers to delete imported...

WordPress Survey Maker plugin <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Survey Maker versions = 4.9.5...

CVE-2024-37227

Cross Site Request Forgery CSRF vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7...

WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Newsletters versions = 4.9.7...

LG webOS 安全漏洞

LG webOS is a Linux kernel-based smart TV operating system from South Korea's Lakin LG. A security vulnerability exists in LG webOS that originates from a hint bypass in the secondscreen.gateway service. An attacker can exploit the vulnerability to create a privileged account without asking the...

WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30427 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e5917dca625b Credits Dimas Maulana Required privileg...

WordPress ChatBot Plugin 4.8.6-4.9.6 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.8.6-4.9.6 Fixed in 4.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5606 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5c671cd5cf6e Credits Huynh Tien Si Required...

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

dodeyca.ch Cross Site Scripting vulnerability

Security Researcher metamorfosec Helped patch 1935 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting dodeyca.ch website and its users. Following coordinat...

Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection

Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection Exploit Title: Joomla! Component J-BusinessDirectory 4.9.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...

WordPress 4.9.x < 4.9.7 Arbitrary File Deletion

According to its self-reported version number, the detected WordPress application is affected by issue that could allow a user who is able to edit uploaded media to attempt to delete files outside the uploads directory. Note that the scanner has not tested for these issues but has instead relied...

CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

Fedora 27 : wordpress (2018-8fc2cb8cb0)

Update to 4.9.7 security release. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-mainte nance-release/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...