42 matches found
WordPress plugin Stumble! for WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
PT-2025-51876
Name of the Vulnerable Software and Affected Versions SLiMS slims9 bulian versions prior to 9.6.0 Description The software contains a reflected cross-site scripting XSS issue due to improper handling of the $ SERVER'PHP SELF' variable in the index.php/sysconfig.inc.php file. This allows a remote...
CVE-2025-14125
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-14132
The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14129
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13988
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
CVE-2025-14138
CVE-2025-14138 : WPLG Default Mail From (WordPress) is vulnerable to Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] in all versions up to 1.0.0. Affected: WordPress plugin WPLG Default Mail From; exploitation possible by tricking an authenticated? no—un/authenticated user? The descriptio...
CVE-2025-13988 评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
CVE-2025-14129 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14129 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2025-50842
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable in the plugin's settings page. This...
PT-2025-50852
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13894
The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-1949
A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenterapi/code/registernodb.php of the component URL Handler. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...
PT-2023-10821 · Unknown · Mobiledetect
Name of the Vulnerable Software and Affected Versions: MobileDetect version 2.8.31 Description: A problematic issue has been found in MobileDetect, affecting the initLayoutType function of the examples/session example.php file in the Example component. The manipulation of the argument $ SERVER'PH...
PT-2022-27234
Name of the Vulnerable Software and Affected Versions sproctor php-calendar affected versions not specified Description A problematic vulnerability was found in sproctor php-calendar, affecting an unknown part of the file index.php. The manipulation of the argument $ SERVER'PHP SELF' leads to cro...
PHP-Calendar 跨站脚本漏洞
PHP-Calendar is a calendar application by Sean Proctor Individual Developer. PHP-Calendar suffers from a code injection vulnerability that originates in an unknown section of the component index.php, where manipulation of the parameter $SERVER PHPSELF can lead to cross-site scripting...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted PATHINFO in a URL. An attacker can inject arbitrary code by manipulating the unsanitized $SERVER'PHPSELF' used to generate URLs. Details Cross-site scriptin...
CVE-2021-38332
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...
CVE-2021-38327
The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0...