
48 matches found

Github Security Blog
added 2026/04/01 10:6 p.m. | 4 views

CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary: Vulnerability: Stored DOM XSS via Page Management Fields Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Page Creation and Editing Inputs. Description: The application fails to properly sanitize user-controlled input within the Page Management functionality when...

9.1 CVSS | 6.2 AI score | 0.0005 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/02/18 1:16 p.m. | 2 views

CVE-2026-2386

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpaecreatepage AJAX handler authorizing users only with...

4.3 CVSS | 0.00039 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/02/18 12:0 a.m. | 3 views

WordPress plugin The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

4.3 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 11:28 a.m. | 4 views

CVE-2021-27338

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter...

5.4 CVSS | 5.8 AI score | 0.0018 EPSS
Exploits: 0 | References: 1

NVD
added 2025/12/06 6:15 a.m. | 3 views

CVE-2025-13358

The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the Settings::createPage function. This makes it...

5.3 CVSS | 0.00052 EPSS
Exploits: 0 | References: 6

Cvelist
added 2025/10/27 5:32 a.m. | 7 views

CVE-2025-12229 projectworlds Expense Management System Roles Page create cross site scripting

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been...

4.8 CVSS | 0.00034 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/27 5:32 a.m. | 2 views

CVE-2025-12229 projectworlds Expense Management System Roles Page create cross site scripting

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been...

4.8 CVSS | 2.9 AI score | 0.00034 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-14098

Malware in sbrugna...

5.4 CVSS | 5.6 AI score | 0.0018 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-30631

Malicious code in bioql PyPI...

4.8 CVSS | 5.2 AI score | 0.00219 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/09/04 12:0 a.m. | 2 views

appRain CMF SQL injection vulnerability

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...

9.8 CVSS | 7.7 AI score | 0.00061 EPSS
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/12/07 12:17 p.m. | 2 views

Malicious code in qwilr-examples-create-page (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0bbec32dcccb555fb5667a8f1cb7f4973512ac8acbea5261a4ff7d14a952476 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1

CNNVD
added 2024/08/29 12:0 a.m. | 1 view

FeehiCMS code issue vulnerability

FeehiCMS is a content management system (CMS) based on the Yii2 framework, aiming to provide Yii2 enthusiasts with a full-featured CMS system so that developers can focus more on the development of business functions. A security vulnerability exists in FeehiCMS. The vulnerability is related to the...

9.8 CVSS | 7.1 AI score | 0.00271 EPSS
Exploits: 1 | References: 5

CNNVD
added 2024/08/29 12:0 a.m. | 1 view

FeehiCMS code issue vulnerability

FeehiCMS is a PHP-based CMS website builder by Liufee, a personal developer. A code issue vulnerability exists in FeehiCMS version 2.1.1 and prior versions, which originates from an unverified file upload vulnerability in the Useravatar parameter of the /admin/index.php?r=user%2Fcreate file...

9.8 CVSS | 6.5 AI score | 0.00218 EPSS
Exploits: 1 | References: 5

CNNVD
added 2024/08/20 12:0 a.m. | 1 view

itsourcecode Laravel Property Management System cross-site scripting vulnerability

Laravel Property Management System is an itsourcecode open source property management system. A cross-site scripting vulnerability exists in version 1.0 of itsourcecode Laravel Property Management System, which originates from a cross-site scripting vulnerability in the Note text parameter of the...

5.4 CVSS | 4.3 AI score | 0.00122 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2024/07/27 12:0 a.m. | 2 views

PT-2024-37725 · WordPress · Campaign Monitor

Name of the Vulnerable Software and Affected Versions: Campaign Monitor for WordPress plugin for WordPress versions up to, and including, 2.8.15. Description: The issue is due to the plugin not properly restricting direct access to "/forms/views/admin/create.php" and display errors being enabled...

5.3 CVSS | 6.5 AI score | 0.00866 EPSS
Exploits: 0 | References: 6

CNNVD
added 2024/07/02 12:0 a.m. | 1 view

WordPress plugin Cost Calculator Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS | 6.5 AI score | 0.00099 EPSS
Exploits: 0 | References: 4

NVD
added 2024/04/17 9:15 p.m. | 8 views

CVE-2024-32343

A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

6.1 CVSS | 5.6 AI score | 0.00197 EPSS
Exploits: 1 | References: 1

Cvelist
added 2024/04/17 12:0 a.m. | 15 views

CVE-2024-32343

A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

5.7 AI score | 0.00197 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2024/04/17 12:0 a.m. | 1 view

PT-2024-24521 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0. Description: A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Recommendations...

6.1 CVSS | 5.2 AI score | 0.00152 EPSS
Exploits: 1 | References: 8

Positive Technologies
added 2024/04/17 12:0 a.m. | 1 view

PT-2024-24522 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0. Description: A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. Recommendations:...

6.1 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits: 1 | References: 7