256 matches found
CVE-2025-31635
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcasthistory allows Path Traversal.This issue affects CLEVER: from n/a through = 2.6.2...
CVE-2025-31635
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcasthistory allows Path Traversal.This issue affects CLEVER: from n/a through = 2.6...
CVE-2025-31635 WordPress CLEVER <= 2.6 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6...
CVE-2025-31635
CVE-2025-31635: WordPress CLEVER plugin ≤ 2.6 contains an unauthenticated path traversal vulnerability enabling arbitrary file download. The issue stems from improper pathname handling in the CLEVER plugin, allowing access to restricted files. Public references corroborate affected versions as “n...
WordPress plugin CLEVER 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CLEVER plugin suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file...
PT-2025-24487 · Lambertgroup · Lambertgroup Clever
Name of the Vulnerable Software and Affected Versions: LambertGroup CLEVER versions n/a through 2.6 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in LambertGroup CLEVER...
CVE-2024-43324
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0...
CVE-2024-1768
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2024-10357
The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with...
CVE-2024-51580
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zootemplate Clever Addons for Elementor cafe-lite allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through = 2.2.1...
CVE-2023-47754
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9...
CVE-2023-23823
Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8...
CVE-2023-6876
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...
CVE-2021-24273
The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
CVE-2005-2326
Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...
CVE-2005-2324
Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to 1 results.php or 2 categorysearch.php...
CVE-2025-3103
CVE-2025-3103 : The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon for WordPress is vulnerable to an unauthenticated arbitrary file read due to insufficient file path validation in the history.php file. This affects all versions up to and including 2.4, ...
WordPress plugin CLEVER 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2017-11429
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...