2341 matches found
CVE-2024-13549 All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress All Bootstrap Blocks plugin <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv in WordPress Plugin All Bootstrap Blocks versions = 1.3.26...
WordPress plugin All Bootstrap Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-2215 · WordPress · Bootstrap Blocks
Name of the Vulnerable Software and Affected Versions: All Bootstrap Blocks plugin for WordPress versions up to and including 1.3.26 Description: The issue is related to Stored Cross-Site Scripting via the Accordion widget due to insufficient input sanitization and output escaping. This allows...
WordPress Bootstrap Ultimate theme <= 1.4.9 - Unauthenticated Limited Local File Inclusion vulnerability
Unauthenticated Limited Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Theme Bootstrap Ultimate versions = 1.4.9...
CVE-2024-13545
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This...
CVE-2024-13545 Bootstrap Ultimate <= 1.4.9 - Unauthenticated Limited Local File Inclusion
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This...
CVE-2024-13545 Bootstrap Ultimate <= 1.4.9 - Unauthenticated Limited Local File Inclusion
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This...
CVE-2024-13545
CVE-2024-13545 affects Bootstrap Ultimate theme for WordPress (versions up to 1.4.9). Description: unauthenticated Local File Inclusion via the path parameter allows including PHP files on the server and executing code in those files; if php://filter is enabled, this may lead to Remote Code Execu...
WordPress plugin Bootstrap Ultimate 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
PT-2025-2212 · WordPress · Bootstrap Ultimate
Name of the Vulnerable Software and Affected Versions: Bootstrap Ultimate theme for WordPress versions up to and including 1.4.9 Description: The issue allows unauthenticated attackers to include PHP files on the server via the path parameter, enabling the execution of any PHP code in those files...
Envoy Admin Interface Exposed through prometheus metrics endpoint
Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
CVE-2025-24030
CVE-2025-24030 affects Envoy Gateway prior to version 1.2.6. A user with Kubernetes cluster access can perform a path traversal attack against the Envoy Admin interface to terminate the Envoy process and exfiltrate the proxy configuration (potentially containing confidential data). The issue is f...
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
PT-2025-5269
Name of the Vulnerable Software and Affected Versions: Envoy Gateway versions prior to 1.2.6 Description: A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to...
Drupal Flattern – Multipurpose Bootstrap Business Profile module * - Authenticated Other Vulnerability Type vulnerability
Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Flattern – Multipurpose Bootstrap Business Profile versions...
CVE-2025-22743
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode twitter-bootstrap-collapse-aka-accordian-shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian...
CVE-2025-22743 WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian Shortcode: from n/a through 1.0...