15 matches found
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
PT-2026-36672
Name of the Vulnerable Software and Affected Versions: crmeb java versions prior to 1.3.5 Description: An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java...
CVE-2025-9034
The Wp Edit Password Protected WordPress plugin before 1.3.5 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-9034
CVE-2025-9034 concerns the WordPress plugin Wp Edit Password Protected (prior to v1.3.5). The issue is an Open Redirect caused by not validating the parameter before redirecting to its value, enabling redirection to an arbitrary URL. Affected product: Wp Edit Password Protected – Create Password ...
WordPress plugin Small Package Quotes – USPS Edition SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
PT-2023-16312 · Unknown · Wp Film Studio
Name of the Vulnerable Software and Affected Versions: WP Film Studio version 1.3.4 and earlier Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
SUSE CVE-2009-1956
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input...
Atlassian Confluence security vulnerability
Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise wiki. A security vulnerability exists in Atlassian Confluence versions prior to 1.3.5 that stems from improper handling of...
CVE-2022-1800
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...
PT-2021-22867 · Gnu +2 · Gnu Mailman Postorius +2
Name of the Vulnerable Software and Affected Versions: GNU Mailman Postorius versions prior to 1.3.5 Description: An issue was discovered in views/list.py in GNU Mailman Postorius. An attacker, logged into any account, can send a crafted POST request to unsubscribe any user from a mailing list,...
CVE-2020-36384
PageLayer before 1.3.5 allows reflected XSS via color settings...
WordPress groundhogg plugin security vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress groundhogg plugin versions prior to 1.3.5. An attacker can exploit the...
WordPress subscriber plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The subscriber plugin is a subscription management plugin for WordPress. A cross-site scripting vulnerability exists in WordPress subscriber...
CVE-2017-18502
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues...