13 matches found
EUVD-2025-11603
Malicious code in bioql PyPI...
GUI Issue - Unbinding the LogAction from Rewrite policy fails from GUI but works from Cli
Re-Write Policy is configured with a Log Action bound to it. When the Log Action is removed from the policy via the GUI, the policy is not actually removed. After hitting 'OK', there's no error, and the Log Action is still bound when checked again...
CVE-2025-24619
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webheadcoder WP Log Action wp-log-action allows Reflected XSS. This issue affects WP Log Action: from n/a through <= 0.51...
CVE-2025-24619 WordPress WP Log Action Plugin <= 0.51 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webheadcoder WP Log Action wp-log-action allows Reflected XSS. This issue affects WP Log Action: from n/a through <= 0.51...
PT-2025-17037 · WordPress · Webheadcoder Wp Log Action
Name of the Vulnerable Software and Affected Versions: webheadcoder WP Log Action versions 0.51 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attacker...
WordPress plugin WP Log Action cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-1972 · WordPress · W2S – Migrate Woocommerce To Shopify
Name of the Vulnerable Software and Affected Versions: W2S – Migrate WooCommerce to Shopify plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server...
PT-2025-2236 · WordPress · Ecpay Ecommerce For Woocommerce
Name of the Vulnerable Software and Affected Versions: ECPay Ecommerce for WooCommerce plugin for WordPress versions up to, and including, 1.1.2411060 Description: The issue is related to a missing capability check on the 'clear ecpay debug log' AJAX action. This allows authenticated attackers wi...
WordPress WP Log Action Plugin <= 0.51 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Log Action versions <= 0.51...
CVE-2017-11738
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack...
Fedora 20 : mediawiki-1.23.7-1.fc20 (2014-16033)
http://www.mediawiki.org/wiki/Releasenotes/1.23 MediaWiki 1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...
Fedora 19 : mediawiki-1.23.7-1.fc19 (2014-16020)
http://www.mediawiki.org/wiki/Releasenotes/1.23 MediaWiki 1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...