CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2024-11913

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

CVE-2022-28730

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...

PT-2022-19198 · Apache · Apache Jspwiki

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.11.3 Description: A carefully crafted request on "AJAXPreview.jsp" could trigger an issue that allows an attacker to execute javascript in the victim's browser and obtain sensitive information. This issue...

Apache JSPWiki 跨站脚本漏洞

Apache JSPWiki is a U.S. Apache Apache Foundation , an open source WikiWiki engine built on Java, Servlet and JSP . A security vulnerability exists in Apache JSPWiki versions prior to 2.11.3, which stems from an XSS vulnerability that can be triggered by a crafted request on AJAXPreview.jsp. This...

PHPOK3 business website built Station program injection-vulnerability warning-the black bar safety net

Author: jsbug original: http://lcx.cc/?FoxNews=1077.html Friends always stepping on my body to embark on DOTA Super God of the road, see the forum someone said phpok, taking advantage of the weekend, send on the head a gold, hope you can also be super-God. “phpok3/app/www/models/upfile.php”: the...