259 matches found
CVE-2020-36955
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
CVE-2020-36955
CVE-2020-36955 affects Grav CMS 1.6.30 with Admin Plugin 1.9.18. The issue is a persistent cross-site scripting vulnerability in the page title field that requires an authenticated user. An attacker can create a page whose title contains malicious script, and the script will execute when the page...
CVE-2020-36955 Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
EUVD-2020-30847
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
CVE-2026-0682
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682
The CVE-2026-0682 entry describes an authenticated Administrator+ SSRF against WordPress Church Admin plugin (versions up to 5.0.28) due to insufficient validation of the audio_url parameter. An attacker could cause the web app to issue requests to internal services, enabling querying/modificatio...
EUVD-2026-3155
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
CVE-2026-0682
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...
PT-2026-3344
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...
CVE-2025-14741
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...
WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability
Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...
WordPress plugin WP Table Builder – Drag & Drop Table Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Frontend Admin by DynamiApps 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
Exploit for CVE-2025-13342
CVE-2025-13342 PoC The Frontend Admin by DynamiApps plugin fo...
CVE-2025-61318
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...
CVE-2025-61318
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...
PT-2025-49559
Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.20 Description Emlog Pro 2.5.20 contains a flaw that allows for arbitrary file deletion. This issue is present in the admin/template.php and admin/plugin.php components, which do not properly validate file paths or filter...
CVE-2025-61318
CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...
EUVD-2025-201728
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...