CVE-2025-14000 Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress plugin Membership Plugin – Restrict Content 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

PT-2025-52735

Name of the Vulnerable Software and Affected Versions Membership Plugin – Restrict Content versions up to and including 3.2.15 Description The Membership Plugin – Restrict Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'register form' and 'restrict'...

WordPress Membership Plugin – Restrict Content plugin <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcodes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Restrict Content versions = 3.2.15...

PT-2025-52563

Name of the Vulnerable Software and Affected Versions Tenda FH1201 version 1.2.0.14408 Description A stack-based buffer overflow exists in the sprintf function within the /goform/SetIpBind file of the Tenda FH1201 router. Manipulation of the page argument can trigger this issue, allowing for remo...

CVE-2025-64244

Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through = 1.12...

EUVD-2025-203606

Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through = 1.12...

CVE-2025-64244

Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through = 1.12...

CVE-2025-64244

CVE-2025-64244 : WordPress plugin Restrict Elementor Widgets, Columns and Sections (restrict-elementor-widgets)

CVE-2025-64244 WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through = 1.12...

CVE-2025-64244 WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through = 1.12...

WordPress plugin Restrict Elementor Widgets, Columns and Sections 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

PT-2025-51392

Name of the Vulnerable Software and Affected Versions Restrict Elementor Widgets, Columns and Sections versions through 1.12 Description The Restrict Elementor Widgets, Columns and Sections software contains a missing authorization issue. This allows exploitation due to incorrectly configured...

WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Restrict Elementor Widgets, Columns and Sections versions = 1.12...

EUVD-2025-200322

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

PT-2025-48777

Name of the Vulnerable Software and Affected Versions NMIS/BioDose versions prior to V22.02 Description NMIS/BioDose versions prior to V22.02 utilize a shared SQL Server user account for database access. Client application user access is controlled by password authentication within the client...

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

EUVD-2025-197947

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

PT-2025-47296

Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description An issue exists in WinPlus that allows for the upload of dangerous file types. An attacker can upload a 'webshell' by sending a POST request to the ''/WinplusPortal/ws/sWinplus.svc/json/uploadfile'' endpoin...