38 matches found
CVE-2021-41036
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check remlen size in readpacket...
PT-2026-1596
Name of the Vulnerable Software and Affected Versions: Stylish Order Form Builder plugin for WordPress versions prior to 1.1 Description: The Stylish Order Form Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escapi...
PT-2026-1593
Name of the Vulnerable Software and Affected Versions: WP Status Notifier plugin for WordPress versions prior to 1.1 Description: The WP Status Notifier plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation when updating...
PT-2025-46287
Name of the Vulnerable Software and Affected Versions: Coon Google Maps plugin for WordPress versions prior to 1.1 Description: The Coon Google Maps plugin for WordPress is susceptible to Stored Cross-Site Scripting through the height parameter within the 'map' shortcode. This occurs because of...
CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator (shortcode-generator) allows Reflected XSS. This issue affects Shortcode Generator: from n/a through <= 1.1...
SYNCK GRAPHICA Real-time Bus Tracking System Security Vulnerability
SYNCK GRAPHICA Real-time Bus Tracking System is a real-time bus tracking system from SYNCK GRAPHICA, Japan. A security vulnerability exists in SYNCK GRAPHICA Real-time Bus Tracking System versions prior to 1.1, which stems from improper validation of input quantities and could lead to a denial of...
CVE-2024-10441
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...
PT-2025-6459 · WordPress · Ebook Downloader
Name of the Vulnerable Software and Affected Versions: Ebook Downloader plugin for WordPress versions prior to 1.1 Description: The issue is related to SQL Injection via the download parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...
PT-2024-34769 · Mansur Ahamed · Woocommerce Quote Calculator
Name of the Vulnerable Software and Affected Versions: Mansur Ahamed Woocommerce Quote Calculator versions prior to 1.1 Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, allowing Blind SQL Injectio...
WordPress plugin IP Loc8 Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2024-4228
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue...
CVE-2023-5637
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1...
CVE-2023-5636
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1...
ArslanSoft Education Portal Security Breach
ArslanSoft Education Portal is an education portal from ArslanSoft, Inc. A security vulnerability exists in ArslanSoft Education Portal versions prior to v1.1 that stems from a security flaw in the Outbound Error Messages and Alert Signals features...
CVE-2023-4530
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1...
Turna Advertising Administration Panel SQL Injection Vulnerability
Turna Advertising Administration Panel is an advertising administration panel from Turna. Turna Advertising Administration Panel versions prior to 1.1 are vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability...
CVE-2023-3898
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1...
mAyaNet E-Commerce SQL Injection Vulnerability
mAyaNet E-Commerce is an e-commerce platform from mAyaNet, Inc. A SQL injection vulnerability exists in mAyaNet E-Commerce versions prior to 1.1, which stems from incorrect neutralization of special elements used in SQL commands...
PT-2023-21853 · Unknown · Cyberus Key
Name of the Vulnerable Software and Affected Versions: Cyberus Key plugin versions prior to 1.1 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 1.1, update to...
CVE-2022-2178
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: before 1.1...