21 matches found

CNVD
added 2025/10/13 12:0 a.m. | 2 views

WordPress Constructor plugin permission issue vulnerability

WordPress Constructor plugin is a framework for simplifying plugin development, mainly used to help developers quickly build and manage the plugin's components such as options pages, forms and custom fields. WordPress Constructor plugin suffers from a privilege issue vulnerability that stems from...

CVSS 4.3 | AI score 6.7 | EPSS 0.00036
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/07 5:35 p.m. | 2 views

CVE-2025-9194

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVSS 4.3 | AI score 5.1 | EPSS 0.00036
Exploits: 0 | References: 1
NVD
added 2025/10/03 12:15 p.m. | 5 views

CVE-2025-9194

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVSS 4.3 | EPSS 0.00036
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/03 11:17 a.m. | 1 views

CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVSS 4.3 | AI score 4.8 | EPSS 0.00036
Exploits: 0 | References: 2
EUVD
added 2025/10/03 11:17 a.m. | 2 views

EUVD-2025-32249

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVSS 4.3 | AI score 4.6 | EPSS 0.00036
Exploits: 0 | References: 3
CVE
added 2025/10/03 11:17 a.m. | 6 views

CVE-2025-9194

CVE-2025-9194 concerns the WordPress plugin Constructor (versions up to 1.6.5). The issue is a missing capability check in the clean() function, enabling authenticated attackers with Subscriber-level access or higher to trigger a theme clean and modify data. Public sources (e.g., PT-2025-40485) n...

CVSS 4.3 | AI score 4.8 | EPSS 0.00036
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/03 12:0 a.m. | 3 views

PT-2025-40485

Name of the Vulnerable Software and Affected Versions: Constructor theme for WordPress versions prior to 1.6.6. Description: The Constructor theme for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the clean function. Authenticated...

CVSS 4.3 | AI score 6.1 | EPSS 0.00036
Exploits: 0 | References: 5
Gitee
added 2025/09/21 12:23 a.m. | 159 views

anti-xss

This is a PHP library called AntiXSS, which is designed to prevent cross-site scripting (XSS) attacks. The library provides a set of functions to sanitize user input and protect against XSS vulnerabilities. The library is maintained by Lars Moelleken and is available on Packagist, a popular PHP...

AI score 5.6
Exploits: 0
Microsoft CVE
added 2025/09/03 9:56 p.m. | 2 views

Path traversal via Clean on Windows in path/filepath

...

CVSS 7.5 | AI score 7 | EPSS 0.00048
Exploits: 0
CNNVD
added 2025/02/26 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference in the slgtclean function in the synclinkgt driver...

CVSS 5.5 | AI score 5.5 | EPSS 0.00009
Exploits: 0 | References: 10
OSV
added 2024/03/06 11:0 a.m. | 26 views

BIT-GOLANG-2022-29804 Path traversal via Clean on Windows in path/filepath

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack...

CVSS 7.5 | AI score 7.5 | EPSS 0.00048
Exploits: 0 | References: 6
Debian CVE
added 2022/08/09 12:0 a.m. | 55 views

CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack...

CVSS 7.5 | AI score 7 | EPSS 0.00048
Exploits: 0
OSV
added 2022/07/28 5:25 p.m. | 38 views

GO-2022-0533 Path traversal via Clean on Windows in path/filepath

On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(".\c:") returns "c:"...

CVSS 7.5 | AI score 7.4 | EPSS 0.00048
Exploits: 0 | References: 4
Veracode
added 2022/06/16 3:4 a.m. | 37 views

Path Traversal

github.com/golang/go is vulnerable to Path Traversal. The vulnerability exists because the Clean function of path.go does not properly remove the . prefix when the file path contains :, allowing an attacker to access files outside the expected directory on Windows...

CVSS 7.5 | AI score 7.3 | EPSS 0.00048
Exploits: 0 | References: 12 | Affected Software: 2
Veracode
added 2022/06/09 7:55 a.m. | 25 views

Path Traversal

gogs.io/gogs is vulnerable to path traversal. The vulnerability exists in the Clean function in pathutil.go due to a lack of validation, which allows a malicious attacker to delete and upload arbitrary files...

CVSS 9.1 | AI score 8.8 | EPSS 0.01689
Exploits: 1 | References: 4 | Affected Software: 1
CNVD
added 2018/06/15 12:0 a.m. | 1 views

html-janitor cross-site scripting vulnerability

html-janitor is a module for controlling and cleaning up HTML. A cross-site scripting vulnerability exists in html-janitor. A remote attacker can exploit this vulnerability by sending attacker-controlled data to the 'clean' function to execute arbitrary JavaScript code...

CVSS 6.1 | AI score 6.2 | EPSS 0.0022
Exploits: 1 | References: 1
Prion
added 2018/06/04 7:29 p.m. | 6 views

Cross site scripting

html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...

CVSS 4.3 | AI score 5.9 | EPSS 0.0022
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2018/06/04 7:0 p.m. | 13 views

CVE-2017-0931

html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...

AI score 5.9 | EPSS 0.0022
Exploits: 1 | References: 2
Node.js
added 2018/04/24 2:21 p.m. | 20 views

Cross-Site Scripting

Overview: Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...

CVSS 4.3 | AI score 1.8 | EPSS 0.0022
Exploits: 1 | Affected Software: 1
Packet Storm
added 2013/12/06 12:0 a.m. | 36 views

RedAxScript 1.1 SQL Injection

AI score 0.3
Exploits: 0