43 matches found
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. id: CVE-2023-4666 info: name: Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload author: pussycat0x severity: critical...
CVE-2026-4666
creationtimestamp | type | source
---|---|---
2026-04-17 06:10:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjobbvvw652f
2026-04-17 21:32:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mjpur5dhl32n...
WordPress ZotPress plugin <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname' vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'nickname' vulnerability discovered by mohamed hamadou ZoeniX in WordPress Plugin Zotpress versions <= 7.3.15...
CVE-2025-4666
creationtimestamp | type | source
---|---|---
2025-06-11 05:55:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrcpumc6v42m...
Linux Distros Unpatched Vulnerability : CVE-2010-4666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other...
CVE-2024-4666
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-4666 Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-4666
CVE-2024-4666 applies to Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (WordPress). It is a stored XSS vulnerability in multiple widgets across all versions up to 1.5.3, caused by insufficient input sanitization and inadequate output escaping on user-supplied att...
WordPress Borderless Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Borderless; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.5.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4666; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: d9fe795f805d; Credits: stealthcopter; Required...
CVE-2023-4666
creationtimestamp | type | source
---|---|---
2023-10-17 00:32:14+00:00 | seen | https://t.me/cibsecurity/72347
2025-01-31 21:40:22+00:00 | seen | Telegram/KQt3AsBMUv9rm4uNMEtvLFjsfOosJKxmDQL0jQWpInK2LtGCng
2025-04-07 11:02:22+00:00 | published-proof-of-concept | https://t.me/Idi0tSecMarket/21
2025-09-24...
CVE-2023-4666 Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...
CVE-2023-4666
CVE-2023-4666 affects the Form Maker by 10Web WordPress plugin (before 1.15.20). The vulnerability arises because the plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to upload arbitrary files and potentially achieve remote code ...
CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode
The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...
CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode
The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...
CVE-2022-4666
CVE-2022-4666 affects the WordPress plugin Markup (JSON-LD) structured in schema.org up to version 4.8.1. The issue is unvalidated/unescaped shortcode attributes that can lead to Stored XSS when embedded in pages/posts by users with contributor role or higher. The connected documents confirm the ...
WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Markup (JSON-LD) structured in schema.org; Type: Plugin; Vulnerable versions: <= 4.8.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4666; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: f683250d0657...
SUSE CVE-2010-4666
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data...
CVE-2020-4666
creationtimestamp | type | source
---|---|---
2021-01-08 18:42:01+00:00 | seen | https://t.me/cibsecurity/21830...
Ubuntu: Security Advisory (USN-4666-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-4666-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...