3642 matches found
PT-2026-48232
Name of the Vulnerable Software and Affected Versions: image-size versions 1.1.0 through 1.2.0; image-size versions 2.0.0 through 2.0.1. Description: A denial of service issue exists when processing specially crafted images with zero-sized boxes. Remote attackers can cause an application hang by...
CVE-2025-31450
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phantom.omaga Toggle Box toggle-box allows Stored XSS. This issue affects Toggle Box: from n/a through <= 1.6...
CVE-2025-30830
Missing Authorization vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through <= 2.9.9...
CVE-2025-28885
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fiverraffiliates Fiverr.com Official Search Box fiverr-official-search-box allows Stored XSS. This issue affects Fiverr.com Official Search Box: from n/a through <= 1.0.8...
WordPress Toggle Box plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Toggle Box versions <= 1.6...
CVE-2025-31450
CVE-2025-31450 affects Toggle Box (WordPress plugin) and is an authenticated (Contributor+) Stored XSS in the Toggle Box code path. Primary details from the CVE entry indicate Improper Neutralization of Input During Web Page Generation leading to Stored XSS in Toggle Box versions up to 1.6. The W...
CVE-2025-31450 WordPress Toggle Box <= 1.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phantom.omaga Toggle Box allows Stored XSS. This issue affects Toggle Box: from n/a through 1.6...
CVE-2025-31450 WordPress Toggle Box plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phantom.omaga Toggle Box toggle-box allows Stored XSS. This issue affects Toggle Box: from n/a through <= 1.6...
WordPress plugin Toggle Box cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cool Author Box versions <= 2.9.9...
CVE-2025-30830
CVE-2025-30830: Exists in Cool Author Box (WordPress plugin) up to version 2.9.9. Root cause is Missing/Incomplete Authorization due to misconfigured access control levels, enabling unauthorized actions. Patch status in connected data shows a fix in version 2.9.9; remediation is to upgrade to 2....
WordPress plugin Hossni Mubarak Cool Author Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the sctp_sf_ootb() function in the net/sctp/sm_statefuns.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sctp_sf_ootb() function in the net/sctp/sm_statefuns.c module of the Linux kernel is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-28885 WordPress Fiverr.com Official Search Box plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fiverraffiliates Fiverr.com Official Search Box fiverr-official-search-box allows Stored XSS. This issue affects Fiverr.com Official Search Box: from n/a through <= 1.0.8...
CVE-2025-28885
CVE-2025-28885 is a stored XSS vulnerability in Fiverr.com Official Search Box (WordPress plugin “Fiverr.com Official Search Box”). In the vulnerability, input is not properly neutralized during web page generation, enabling stored Cross-Site Scripting. Affects versions up to 1.0.8 (n/a through 1...
CVE-2025-2573 Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible f...