WordPress plugin I Draw Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-3565
A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. This vulnerability affects unknown code of the file /upload/uploadArticle.do of the component Announcement Management Section. The manipulation of the argument File leads to unrestricted upload. The...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05132)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to allow an authenticated user to distribute malicious content via specific interactions with the media library file upload...
SourceCodester Company Website CMS Security Vulnerability
SourceCodester Company Website CMS is an open source content management system from SourceCodester. A security vulnerability exists in SourceCodester Company Website CMS version 1.0, which stems from the portfolio feature not properly validating uploaded files, which could result in arbitrary fil...
Teedy 1.11 Cross Site Scripting
Teedy version 1.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io...
WordPress plugin WP-Advanced-Search Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CicadasCMS Security Vulnerability
CicadasCMS is a content management framework developed by westboy, an individual developer in China, based on SpringBoot, MyBatis, SpringSecurity and Vue. A security vulnerability exists in CicadasCMS version 1.0, which stems from improper handling of the parameter File in file/upload, which could lead ...
Echo Cross-Site Scripting Vulnerability
Echo is an open source community system, without front-end/back-end separation, from the individual developer Veal98. A cross-site scripting vulnerability exists in Echo version 4.2, which stems from improper handling of the parameter editormd-image-file in the file /discuss/uploadMdPic, which...
CVE-2025-2541
The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2025-2575
The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2025-3115
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
CVE-2025-2575 Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
WordPress plugin Accessibility Suite by Online ADA Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2025-15983
Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.10.3 Description: The issue arises when a malicious SVG file is uploaded to HedgeDoc, potentially leading to cross-site scripting XSS when the file is opened in a new tab. This is possible due to the exploitation ...
CVE-2025-3115
CVE-2025-3115 involves TIBCO Spotfire data functions with injection vulnerabilities and insufficient validation of filenames during file uploads, enabling potential arbitrary code execution. Connected sources indicate this is a high-severity issue (CVSS 3.1/4.0, CRITICAL) affecting Spotfire compo...
CVE-2025-3115 Spotfire Data Function Vulnerability
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
CVE-2025-3100
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping...
CVE-2025-3100
CVE-2025-3100 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WP Project Manager plugin for WordPress. The issue arises from insufficient input sanitization and output escaping in the tasks discussion, enabling an authenticated user with Subscriber-level access (and those grant...