CVE-2026-3572 iTracker360 <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'itracker_license' Settings Field

The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up to and including 2.2.0. This is due to missing nonce verification on the settings form submission and insufficient input sanitization combined with missing...

CVE-2026-3572

The CVE-2026-3572 entry concerns the iTracker360 WordPress plugin (versions up to 2.2.0). It describes a vulnerability where Cross-Site Request Forgery can lead to Stored Cross-Site Scripting via the itracker_license settings field. Root cause is missing nonce verification on settings form submis...

CVE-2021-28183

The specific function in ASUS BMC’s firmware Web management page Web License configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the...