Lucene search

8 matches found

Positive Technologies
added 2026/04/28 12:0 a.m. · 2 views

PT-2026-35814

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save settings of the file /admin/index.php?page=save settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit...

4.8 CVSS · 3.2 AI score · 0.00035 EPSS
Exploits: 0 · References: 6
Cvelist
added 2025/11/04 4:27 a.m. · 29 views

CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

6.1 CVSS · 0.00012 EPSS
Exploits: 0 · References: 3
NVD
added 2025/10/15 9:15 a.m. · 2 views

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

4.3 CVSS · 0.00014 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/10/15 12:0 a.m. · 1 views

WordPress plugin TopBar cross-site request forgery vulnerability

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

4.3 CVSS · 6.7 AI score · 0.00014 EPSS
Exploits: 0 · References: 5
CVE
added 2024/09/18 12:0 a.m. · 58 views

CVE-2024-46377

CVE-2024-46377 affects Best House Rental Management System 1.0. The vulnerability is an arbitrary file upload in the save_settings() function of rental/admin_class.php. Public sources (Red Hat advisory, CVE records, CNNVD, CVEList, and a GitHub exploit PoC) confirm an unrestricted upload path tha...

9.8 CVSS · 7.2 AI score · 0.221 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/08/17 12:0 a.m. · 2 views

PT-2024-12465 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the save settings function, making it possible for unauthenticated attackers to modify the theme's...

4.3 CVSS · 7.3 AI score · 0.00181 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2024/08/06 12:0 a.m. · 1 views

PT-2024-38390 · Itsourcecode · Itsourcecode Airline Reservation System

Name of the Vulnerable Software and Affected Versions: itsourcecode Airline Reservation System version 1.0 Description: A critical issue has been found in the itsourcecode Airline Reservation System, where the save settings function in the admin/admin class.php file is affected. The manipulation ...

9.8 CVSS · 6.5 AI score · 0.00294 EPSS
Exploits: 1 · References: 7
Github Security Blog
added 2024/01/11 4:30 p.m. · 25 views

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)

Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...

8.8 CVSS · 7.1 AI score · 0.03099 EPSS
Exploits: 1 · References: 7 · Affected Software: 1