4 matches found
CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability
Unauthenticated Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Z Y N I T H versions = 7.4.9...
CVE-2020-25095
LogRhythm Platform Manager PM 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking CSWH. If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...