Lucene search

11 matches found

EUVD
added yesterday · 5 views

EUVD-2019-20179

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...

6.4 CVSS · 5.6 AI score
Exploits: 0 · References: 4
Cvelist
added yesterday · 18 views

CVE-2019-25743 WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...

6.4 CVSS
Exploits: 0 · References: 4
NVD
added 2026/03/27 11:17 p.m. · 2 views

CVE-2026-4248

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the 'usermeta:passwordresetlink' template tag being processed within post content via the 'umloggedin' shortcode, which generates a valid password...

8 CVSS · 0.00047 EPSS
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-9861

Malicious code in bioql PyPI...

7.5 CVSS · 8.2 AI score · 0.01855 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/04/06 4:32 p.m. · 3 views

CVE-2025-32156

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Prokopenko / JustCoded Just Post Preview Widget just-post-preview allows PHP Local File Inclusion. This issue affects Just Post Preview Widget: from n/a through = 1.1.1...

7.5 CVSS · 7.2 AI score · 0.01855 EPSS
Exploits: 0 · References: 1
NVD
added 2025/04/04 4:15 p.m. · 5 views

CVE-2025-32156

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Prokopenko / JustCoded Just Post Preview Widget just-post-preview allows PHP Local File Inclusion. This issue affects Just Post Preview Widget: from n/a through = 1.1.1...

7.5 CVSS · 0.01855 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/04 3:58 p.m. · 50 views

CVE-2025-32156

CVE-2025-32156 affects the WordPress plugin Just Post Preview Widget (up to version 1.1.1). Root cause: Improper control/validation of filenames used in PHP include/require statements, enabling a local file inclusion (LFI) vulnerability. Impact per CVSS: High (CVE-2025-32156) with potential expos...

7.5 CVSS · 7.2 AI score · 0.01855 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/04 12:0 a.m. · 1 view

PT-2025-14942 · Unknown · Just Post Preview Widget

Name of the Vulnerable Software and Affected Versions: Just Post Preview Widget versions 1.1.1 and earlier
Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' or PHP Local File Inclusion. This...

7.5 CVSS · 8.2 AI score · 0.01855 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/04/04 12:0 a.m. · 5 views

WordPress plugin Just Post Preview Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 7.9 AI score · 0.01855 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2022/02/01 12:0 a.m. · 3 views

PT-2022-16117 · Nimforum · Nimforum

Name of the Vulnerable Software and Affected Versions: Nimforum versions prior to 2.2.0
Description: The issue allows any forum user to create a new thread or post that includes a reference to a local file on the host operating system. Nimforum will render the file if possible. This can be done...

8.1 CVSS · 7.9 AI score · 0.00386 EPSS
Exploits: 1 · References: 8
Hacker One
added 2019/02/18 9:3 p.m. · 19 views

WordPress: Stored XSS in Post Preview as Contributor

Root cause: I noticed that the get_the_content makes a preg_replace_callback after all other validation and sanitization has been performed. function get_the_content( $more_link_text = null, $strip_teaser = false ) { global $page, $more, $preview, $pages, $multipage; $post = get_post(); ... if ( $preview ) // Preview...

0.1 AI score
Exploits: 0