CVE-2026-6495

The CVE-2026-6495 entry concerns the Ajax Load More WordPress plugin and a Reflected XSS vulnerability in versions before 7.8.4 , caused by failure to sanitize/escape a parameter before output . This could affect high-privilege accounts (e.g., admins) if an attacker can induce the vulnerable para...

CVE-2025-68600 WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through = 7.8.7...

CVE-2025-68600 WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through = 7.8.7...

PT-2025-53288

Name of the Vulnerable Software and Affected Versions Link Library versions through 7.8.4 Description A Server-Side Request Forgery SSRF vulnerability exists in Yannick Lefebvre Link Library. This issue allows for Server Side Request Forgery. Recommendations Update Link Library to a version newer...

WordPress plugin Link Library 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability

Fortra GoAnywhere MFT is a Managed File Transfer MFT solution helping organizations build both internal and external data transfer exchanges. GoAnyWhere MFT versions before 7.8.4 and before 7.6.3 suffer from a deserialization vulnerabilty. By crafting a specific payload, a remote and...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.6.3 / 7.7.x < 7.8.4 Deserialization (CVE-2025-10035)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is prior to 7.6.3 or 7.7.x prior to 7.8.4. It is, therefore, affected by a deserialization vulnerability: - A deserialization vulnerability in the License Servlet o...

CVE-2024-1322

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

CVE-2017-13667

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF...

CVE-2024-56115

A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting XSS attack...

CVE-2024-56115

A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting XSS attack...

Amiro.CMS 安全漏洞

Amiro.CMS is a commercial content management system from Amiro.CMS, Inc. A security vulnerability exists in Amiro.CMS versions prior to 7.8.4 that stems from vulnerability to a cross-site request forgery attack that allows a remote attacker to create an administrator account...

CVE-2024-56115

A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting XSS attack...

PT-2024-36717 · Amiro.Cms · Amiro.Cms

Name of the Vulnerable Software and Affected Versions: Amiro.CMS versions prior to 7.8.4 Description: A vulnerability exists due to the failure to take measures to neutralize special elements, allowing remote attackers to conduct a Cross-Site Scripting XSS attack. Recommendations: For Amiro.CMS...

CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

PT-2024-17942 · WordPress · The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings

Name of the Vulnerable Software and Affected Versions: The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 7.8.4 Description: The issue allows unauthorized modification of data due to a missing capability check on...

WordPress Directorist Plugin <= 7.8.4 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.8.4 Fixed in 7.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1322 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd1efe90eebb Credits Lucio Sá Required privilege...

Open-Xchange (OX) App Suite Multiple Vulnerabilities (Jan 2017)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Open-Xchange (OX) App Suite Multiple Vulnerabilities (Dec 2017)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2017-13668

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting XSS...