PT-2026-26473

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The clean title field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

WordPress plugin SpiderContacts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PKP Open Journals System Cross-Site Scripting Vulnerability

PKP Open Journals System is a journal system. A cross-site scripting vulnerability exists in PKP Open Journals System prior to version 3.3.0-16, which stems from the fact that certain inputs are not escaped and can be exploited by an attacker to inject malicious script into a web site...

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...