4441 matches found
GO-2025-3982 Rancher sends sensitive information to external services through the `/meta/proxy` endpoint in github.com/rancher/rancher
Rancher sends sensitive information to external services through the /meta/proxy endpoint in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2025-49907
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.3.9...
CVE-2025-62069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through = 1.3.3.8...
CVE-2025-11867
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
CVE-2025-5983
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...
WordPress Meta Tag Manager plugin < 3.3 - Contributor+ Open Redirect vulnerability
Contributor+ Open Redirect vulnerability discovered by Pierre Rudloff in WordPress Plugin Meta Tag Manager versions 3.3...
EUVD-2025-35547
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.3.9...
CVE-2025-62069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through = 1.3.3.8...
CVE-2025-49907
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.3.9...
CVE-2025-62069
CVE-2025-62069 concerns the MDTF – Meta Data and Taxonomies Filter (WordPress plugin) for RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter. The vulnerability is an XSS issue caused by improper input neutralization during web page generation, affecting MDTF versions from n/a up to and inclu...
CVE-2025-49907 WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.3.9...
CVE-2025-49907
CVE-2025-49907 affects the MDTF (Meta Data and Taxonomies Filter) WordPress plugin RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter, specifically versions <= 1.3.3.9. The issue is a Missing Authorization / Broken Access Control vulnerability allowing improper access control, as describe...
CVE-2025-11867
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
EUVD-2025-35334
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
CVE-2025-11867 Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
CVE-2025-11867 Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
CVE-2025-11867
CVE-2025-11867 corresponds to Bg Book Publisher for WordPress. The WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the post meta field book_author, which is rendered through the [book_author] shortcode. Affected versions are all versions up to and including 1.25. The vul...
EUVD-2025-35355
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...
CVE-2025-5983
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...
CVE-2025-5983 Meta Tag Manager < 3.3 - Contributor+ Open Redirect
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...