CVE-2025-68843 WordPress FeedWordPress Advanced Filters plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordPress Advanced Filters: from n/a through = 0.6.2...

CVE-2025-68843

CVE-2025-68843 corresponds to a Reflected Cross-Site Scripting (XSS) in the WordPress plugin FeedWordPress Advanced Filters (faf). Multiple sources (NVD, Red Hat, CVE list, PatchStack) describe the issue as improper neutralization of input during web page generation, enabling Reflected XSS for Fe...

CVE-2025-68032 WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through = 3.19.0...

CVE-2025-68032

CVE-2025-68032 (WordPress Advanced WC Analytics

CVE-2025-68032 WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through = 3.19.0...

CVE-2026-25453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

CVE-2026-25412

Missing Authorization vulnerability in mdempfle Advanced iFrame advanced-iframe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced iFrame: from n/a through = 2025.10...

CVE-2025-12884

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the placementupdateitem function. This makes it possible...

PT-2026-21078

Name of the Vulnerable Software and Affected Versions Passionate Brains Advanced WC Analytics versions through 3.19.0 Description An authorization issue exists in Passionate Brains Advanced WC Analytics, allowing exploitation due to incorrectly configured access control security levels...

WordPress plugin FeedWordPress Advanced Filters 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-21105

Name of the Vulnerable Software and Affected Versions FeedWordPress Advanced Filters versions through 0.6.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-site Scripting XSS. This means that an attacker cou...

WordPress plugin Advanced WC Analytics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-23606

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

CVE-2026-23606 GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

CVE-2026-23606 GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

CVE-2026-23606

Technical details (affected product/version, root cause, fix) are not publicly available in the provided connected documents. Monitor for updates on CVE-2026-23606.

GO-2026-4479 Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls

Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls...

WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability

Authenticated Author+ PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions = 3.1.9.6...

CVE-2019-25429

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpnadvanced endpoint. Attackers can inject JavaScript code through the GLOBALNETWORKS and GLOBALDNS parameters via POST...

CVE-2019-25429

CVE-2019-25429 : Affected product is Comodo Dome Firewall 2.7.0. The vulnerability is a reflected cross-site scripting (XSS) flaw in the openvpn_advanced endpoint, allowing an attacker to inject JavaScript into a victim’s browser by submitting crafted input through the GLOBAL_NETWORKS and GLOBAL_...