PT-2025-5553 · Unknown · Kb Support
Name of the Vulnerable Software and Affected Versions: KB Support versions 1.6.7 and earlier Description: The issue is related to a URL redirection to an untrusted site, also known as an "Open Redirect" problem. This allows an attacker to redirect users to a malicious website. Recommendations: Fo...
CVE-2024-11090
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have bee...
WordPress plugin Membership Plugin – Restrict Content information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...
PT-2025-1821 · Woocommerce · Wc Affiliate
Name of the Vulnerable Software and Affected Versions: WC Affiliate – A Complete WooCommerce Affiliate Plugin versions up to, and including, 2.4 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allow...
PT-2025-1619 · WordPress · Membership Plugin – Restrict Content
Name of the Vulnerable Software and Affected Versions: The Membership Plugin – Restrict Content plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as...
PT-2025-2428
Name of the Vulnerable Software and Affected Versions: IBM Control Center versions 6.2.1 through 6.3.1 Description: The issue is related to an observable discrepancy in responses to incoming requests, which could allow a remote attacker to enumerate usernames. This discrepancy may enable...
PT-2025-2430 · Ibm · Ibm Analytics Content Hub
Name of the Vulnerable Software and Affected Versions: IBM Analytics Content Hub version 2.0 Description: The issue is related to the mechanism of forming error reports in IBM Analytics Content Hub, which could allow a remote attacker to obtain sensitive information when a detailed technical erro...
CVE-2025-24610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Leuenberg Restrict Anonymous Access restrict-anonymous-access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through <= 1.2...
CVE-2025-24610 WordPress Restrict Anonymous Access Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Leuenberg Restrict Anonymous Access restrict-anonymous-access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through <= 1.2...
WordPress Restrict Anonymous Access Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Restrict Anonymous Access versions <= 1.2...
PT-2025-4008 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical vulnerability has been found in JoeyBling bootplus. The issue affects an unknown functionality of the file /admin/sys/role/list. The manipulation of the...
PT-2025-4013 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A problematic issue was found in the qrCode function of the QrCodeController.java file. The manipulation of the w/h argument leads to resource consumption. This...
WordPress plugin Restrict Anonymous Access cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2025-5425 · Patreon · Patreon Wordpress
Name of the Vulnerable Software and Affected Versions: Patreon WordPress versions 1.9.1 and earlier Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.9.1 and earlier, update t...
PT-2025-5445 · Unknown · Restrict Anonymous Access
Name of the Vulnerable Software and Affected Versions: Restrict Anonymous Access versions 1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting (XSS). Specifically, it is a Stored XSS vulnerability...
PT-2025-4591 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions 4.0.0-beta.18 through 4.0.0-beta.252 Description: A vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data an...
PT-2025-5266 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.380 Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. The issue arises when the tags page allows users to search for tags. If the search does...
PT-2025-2608 · Ibm · Ibm Cognos Dashboards
Name of the Vulnerable Software and Affected Versions: IBM Cognos Dashboards versions 4.0.7 through 5.0.0 Description: The issue is related to dependency confusion, allowing a remote attacker to perform unauthorized actions. This could potentially lead to privilege escalation. Recommendations: Fo...
PT-2025-5432 · WordPress · Woocommerce Product Table Lite
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite versions 3.8.7 and earlier Description: The issue is related to a lack of authorization in WooCommerce Product Table Lite, allowing the exploitation of incorrectly configured access control security levels...
PT-2025-4014 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A vulnerability has been found in the qrCode function of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the text argument...