CVE-2025-46492 WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1...

CVE-2025-46492

CVE-2025-46492 describes a CSRF to Stored XSS in the WordPress plugin Call Now PHT Blog (versions n/a through 2.4.1). The vulnerability arises from CSRF enabling stored XSS; affected product is the Call Now PHT Blog plugin for WordPress. The CVE entry indicates the issue affects versions up to 2....

WordPress plugin Blog Manager WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Call Now PHT Blog 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin...

PT-2025-17801 · Unknown · Call Now Pht Blog

Name of the Vulnerable Software and Affected Versions: Call Now PHT Blog versions n/a through 2.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application,...

PT-2025-17822 · WordPress · Blog Manager Wp

Name of the Vulnerable Software and Affected Versions: Blog Manager WP versions 1.0.0 through 1.0.5 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a Stored XSS...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

Working PoC for CVE-2025-32433 !ca...

CVE-2025-26934

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a through = 1.0.3...

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path...

BlogCMS 安全漏洞

BlogCMS is a PHP and MySQL based blogging system by Pramod Mahato Individual Developer in India. A security vulnerability exists in BlogCMS version 3.1.15, which stems from improper handling of the /bid/1/admin/entry-edit/ path, which could allow remote attackers to obtain sensitive information...

CVE-2025-3591

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2025-3593

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely...

CVE-2025-3592

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

Test

The post Test appeared first on Wallarm...

CVE-2025-26934

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a through = 1.0.3...

CVE-2025-26934 WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a through = 1.0.3...

CVE-2025-26934 WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a through = 1.0.3...

CVE-2025-26934

CVE-2025-26934 is a Stored XSS in the WordPress Glossy Blog theme (versions up to 1.0.3). The vulnerability arises from improper input neutralization during web page generation, allowing attacker-supplied content to be stored and rendered on pages. Affected product: Glossy Blog (WordPress theme) ...

WordPress plugin Glossy Blog 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-16522 · Unknown · Glossy Blog

Name of the Vulnerable Software and Affected Versions: Glossy Blog versions 1.0.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that an attacker can inject malicious script...