2195 matches found
CVE-2017-18489
The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS...
CVE-2019-18937
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request...
CVE-2019-13030
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...
CVE-2025-39410
CVE-2025-39410 describes a deserialization of untrusted data vulnerability in the WordPress plugin “Smart Sections Theme Builder – WPBakery Page Builder Addon” (versions up to 1.7.8). Public data in the connected documents confirms a PHP Object Injection flaw that affects this addon, with CVSS v3...
CVE-2025-39410 WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...
WordPress plugin Smart Sections Theme Builder - WPBakery Page Builder Addon 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Smart Sections Theme...
CVE-2025-2594
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...
CVE-2025-32605
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.1...
CVE-2025-2594
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...
CVE-2025-2594 User Registration & Membership < 4.1.3 - Authentication Bypass
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...
CVE-2025-2594
The CVE-2025-2594 affects the WordPress plugin “User Registration & Membership” prior to version 4.1.3. Affected behavior: when the Membership Addon is enabled, data in an AJAX action is not properly validated, enabling an attacker to authenticate as any user (including administrators) by supplyi...
WordPress plugin User Registration & Membership 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Themesflat Addons For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-32605
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.1...
CVE-2025-32605 WordPress MemberPress Discord Addon Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.1...
CVE-2025-32605 WordPress MemberPress Discord Addon Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon allows Reflected XSS. This issue affects MemberPress Discord Addon: from n/a through 1.1.1...
CVE-2025-32605
CVE-2025-32605 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin MemberPress Discord Addon (expresstechsoftware) affecting versions up to and including 1.1.1. The root cause is Improper Neutralization of Input During Web Page Generation , i.e., input is not properly ...
CVE-2025-26745
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RSTheme RS Elements Elementor Addon rselements-lite allows Stored XSS.This issue affects RS Elements Elementor Addon: from n/a through = 1.1.5...
PT-2025-17134 · Expresstechsoftware · Memberpress Discord Addon
Name of the Vulnerable Software and Affected Versions: expresstechsoftware MemberPress Discord Addon versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
WordPress plugin MemberPress Discord Addon 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...