729 matches found
CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...
WordPress plugin Advanced Country Blocker 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-6896
Name of the Vulnerable Software and Affected Versions Advanced Country Blocker plugin for WordPress versions prior to 2.3.2 Description The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret...
WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability
Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...
WordPress GeoDataSource Country Region DropDown plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin GeoDataSource Country Region DropDown versions = 1.0.1...
CVE-2025-41024
Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumbe...
CVE-2025-41024
Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...
CVE-2025-41024
CVE-2025-41024 affects Poultry Farm Management System v1.0. Stored XSS arises from insufficient validation of POST input in /farm/farmprofile.php, specifically for parameters: companyaddress, companyemail, companyname, country, mobilenumber, and regno. Root cause: lack of proper input validation ...
CVE-2025-41024 Stored Cross-Site Scripting in Poultry Farm Management System
Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...
PT-2026-3550
Name of the Vulnerable Software and Affected Versions Poultry Farm Management System version 1.0 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data when a POST request is made. The following parameters in the '/farm/farmprofile.php'...
CVE-2022-0246
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one...
CVE-2025-13694
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...
CVE-2025-13694
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...
WordPress AA Block country plugin <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability
Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability discovered by Ivan Cese in WordPress Plugin AA Block country versions = 1.0.1...
CVE-2025-13694 AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...
CVE-2025-1361
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admininit function. This makes it possible for unauthenticated attackers to view the plugin's settings...
WordPress plugin AA Block Country 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-65300
A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...
CVE-2025-65300
A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...
CVE-2025-65300
A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...