12 matches found
CVE-2026-35180
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...
EUVD-2024-52551
Malicious code in bioql PyPI...
CVE-2024-54431
Cross-Site Request Forgery (CSRF) vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS. This issue affects Admin Customization: from n/a through <= 2.2...
CVE-2024-54431
Cross-Site Request Forgery (CSRF) vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS. This issue affects Admin Customization: from n/a through <= 2.2...
CVE-2024-54431 WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS. This issue affects Admin Customization: from n/a through <= 2.2...
CVE-2024-54431
CVE-2024-54431 is a CSRF-to-Stored-XSS vulnerability in the Admin Customization plugin for Admin Customization: from n/a through 2.2. The issue, described in connected documents as a Cross-Site Request Forgery vulnerability that enables Stored XSS, affects the Admin Customization plugin before or...
WordPress plugin Admin Customization cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Admin Customization versions <= 2.2...
PT-2024-35710 · WordPress · Wp Admin Ui Customize
Name of the Vulnerable Software and Affected Versions: WP Admin UI Customize versions prior to 1.5.14 Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of other users who access the admin screen, if a malicious admin user customizes t...
Cross site scripting
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
CVE-2023-44766
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...
CVE-2023-44766
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...