
976 matches found

CNNVD
added 2026/04/15 12:0 a.m. | 7 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.00625
Exploits: 0 | References: 1

NOZOMI
added 2026/04/15 12:0 a.m. | 3 views

Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

Summary A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. Impact An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victi...

CVSS 8.9 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | Affected Software: 2

EUVD
added 2026/04/13 6:30 p.m. | 4 views

EUVD-2026-21998

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 2

NVD
added 2026/04/13 4:16 p.m. | 3 views

CVE-2026-34186

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.8 | EPSS 0.00249
Exploits: 0 | References: 1

Cvelist
added 2026/04/13 3:49 p.m. | 28 views

CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | EPSS 0.00249
Exploits: 0 | References: 1

CVE
added 2026/04/13 3:49 p.m. | 12 views

CVE-2026-34186

The CVE-2026-34186 entry affects Pandora FMS versions 777–800, where an SQL Injection vulnerability arises from improper neutralization of special elements in custom fields. The root cause is unsafely constructed SQL in user-supplied fields, potentially enabling database compromise. The CVSS v4.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/13 3:49 p.m. | 3 views

CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/13 3:49 p.m. | 1 views

CVE-2026-34186

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/13 12:0 a.m. | 7 views

Pandora FMS security vulnerability

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are security vulnerabilities in versions of Pandora FMS 800 and earlier. These vulnerabilities stem from...

CVSS 8.8 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32388

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 2

CVE
added 2026/04/10 3:35 a.m. | 7 views

CVE-2026-2305

CVE-2026-2305 : The AddFunc Head & Footer Code WordPress plugin (versions up to and including 2.3) is vulnerable to Stored Cross-Site Scripting via the post meta keys aFhfc_head_code, aFhfc_body_code, and aFhfc_footer_code. The vulnerability arises because these values are output without sanitiza...

CVSS 6.4 | AI score 6.1 | EPSS 0.002
Exploits: 0 | References: 8

ATTACKERKB
added 2026/04/10 3:35 a.m. | 1 views

CVE-2026-2305

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfc_head_code, aFhfc_body_code, and aFhfc_footer_code post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

CVSS 6.4 | AI score 6.1 | EPSS 0.002
Exploits: 0 | References: 9

Patchstack
added 2026/04/10 12:12 a.m. | 5 views

WordPress AddFunc Head & Footer Code plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AddFunc Head & Footer Code versions <= 2.3...

CVSS 6.4 | AI score 5.9 | EPSS 0.002
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/08 11:16 a.m. | 20 views

CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVSS 8.8 | EPSS 0.00807
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/08 11:16 a.m. | 2 views

CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVSS 8.8 | AI score 6.6 | EPSS 0.00807
Exploits: 0 | References: 6

CNNVD
added 2026/04/08 12:0 a.m. | 4 views

WordPress plugin Advanced Members for ACF path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.8 | AI score 6.2 | EPSS 0.00807
Exploits: 0 | References: 6

EUVD
added 2026/03/26 3:30 p.m. | 3 views

EUVD-2018-21692

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

CVSS 8.6 | AI score 6.4 | EPSS 0.0022
Exploits: 1 | References: 5

RedhatCVE
added 2026/03/26 3:6 p.m. | 2 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 4.3 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:6 p.m. | 1 views

CVE-2026-4068

The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...

CVSS 4.3 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 1

NVD
added 2026/03/26 2:16 p.m. | 2 views

CVE-2018-25217

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

CVSS 8.6 | EPSS 0.0022
Exploits: 1 | References: 4