159 matches found
CVE-2025-25967
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery CSRF. This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections...
CVE-2025-25133 WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Frontend Submit: from n/a through = 1.1.0...
CVE-2025-23575
The CVE-2025-23575 entry concerns the WordPress DX Sales CRM plugin (versions
CVE-2025-25967
CVE-2025-25967 affects Acora CMS 10.1.1, where a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to trick authenticated users into performing unauthorized actions by embedding malicious requests in external content. The lack of CSRF protections is the root cause. According to t...
[SECURITY] Fedora 41 Update: xorg-x11-server-21.1.16-1.fc41
X.Org X11 X server...
Malicious code in archon3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f41e5d885f763c61c81992425c2af8b214f779099c56d091fa0c938e713b44b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-25351
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter...
WordPress WP Email Newsletter plugin <= 1.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Email Newsletter versions = 1.1...
CVE-2025-23495
CVE-2025-23495 is a reflected Cross-Site Scripting vulnerability in the NotFound WooCommerce Order Search plugin for WordPress. The description indicates Improper Neutralization of Input During Web Page Generation, enabling reflected XSS. Affected range: WooCommerce Order Search plugins from n/a ...
CVE-2025-23702
Cross-Site Request Forgery CSRF vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS.This issue affects Anonymize Links: from n/a through = 1.1...
WordPress Cyber Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Cyber Slider versions = 1.1...
WordPress BizLibrary plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin BizLibrary versions = 1.1...
WordPress SetMore Theme – Custom Post Types plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin SetMore Theme – Custom Post Types versions = 1.1...
WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Tock Widget versions = 1.1...
Smarts Smart Agent 安全漏洞
Smarts Smart Agent is a powerful, flexible and extensible tool from Smarts for monitoring wireless network performance and services from the end user's perspective. A security vulnerability exists in Smarts Smart Agent version v1.1.0, which originates from the /youtubeInfo.php page containing a...
WordPress plugin MDC Comment Toolbar 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Simple Booking Widget versions = 1.1...
WordPress 404 Error Monitor plugin <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Francesco Carlucci in WordPress Plugin 404 Error Monitor versions = 1.1...
SAP NetWeaver 安全漏洞
SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver version 1.1. The vulnerability stems from the fact that when a software...
WordPress Brand my Footer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Brand my Footer versions = 1.1...