WordPress plugin Tutor LMS Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin ListingPro Lead Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Advanced FAQ Manager 跨站脚本漏洞

The WordPress Advanced FAQ Manager plugin is a plugin designed for WordPress websites to help users easily create, manage and display Frequently Asked Questions FAQ pages. The WordPress Advanced FAQ Manager plugin suffers from a cross-site scripting vulnerability that stems from improper input...

WordPress plugin Multi-Step Checkout for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin WPLMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress plugin The7 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-50075

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through = 28.1.7...

TalentSoft e-BAP Automation 跨站脚本漏洞

TalentSoft e-BAP Automation is an enterprise management automation platform from TalentSoft Turkey. A cross-site scripting vulnerability exists in TalentSoft e-BAP Automation version 1.8.96 up to and including v.41815, which stems from improper input neutralization and could lead to cross-site...

Phoenix Contact FL SWITCH 跨站脚本漏洞

The PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A cross-site scripting vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which originates from improper input neutralization during web page generation...

PT-2025-49863

Name of the Vulnerable Software and Affected Versions TalentSoft Software e-BAP Automation versions 1.8.96 through 41815 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Cross-Site Scripting XSS. This means that malicious...

CVE-2025-13936

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

CVE-2025-13505

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS.This issue affects Datactive: from 2.13.34...

Open Solution QuickCMS SQL注入漏洞

Open Solution QuickCMS is an Open Solution open source content management system. Open Solution QuickCMS suffers from a SQL injection vulnerability that stems from improper neutralization of elevated user input, which could lead to a blind SQL injection attack...

CVE-2025-13835 WordPress Arconix Shortcodes plugin <= 2.1.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.20...

Revive Adserver banner-zone.php script cross-site scripting vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29419)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29420)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

CVE-2025-66081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

CVE-2025-52668

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...