44 matches found

CVE
added 2025/08/23 4:25 a.m. · 22 views

CVE-2025-7957

The CVE-2025-7957 entry concerns the WordPress ShortcodeHub plugin (MultiPurpose Shortcode Builder). It is a Stored Cross-Site Scripting (XSS) vulnerability via the author_link_target parameter in all versions up to 1.7.1, allowing authenticated attackers with Contributor+ privileges to inject sc...

CVSS 6.4 · AI score 5.7 · EPSS 0.00222
Exploits 0 · References 3

CNNVD
added 2025/08/16 12:0 a.m. · 2 views

WordPress plugin The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress code injection vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin The Paid Membership Plugi...

CVSS 6.5 · AI score 7.8 · EPSS 0.0041
Exploits 0 · References 8

RedhatCVE
added 2025/05/23 1:16 a.m. · 8 views

CVE-2022-29858

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...

CVSS 4.3 · AI score 7 · EPSS 0.00962
Exploits 1 · References 1

OSV
added 2025/04/02 5:2 p.m. · 1 view

DRUPAL-CONTRIB-2025-028

This module enables users to log in using a short access code instead of providing a username/password combination. The module doesn't sufficiently protect against brute force attacks to guess a user's access code. This vulnerability is mitigated by the fact that access code based logins are off ...

CVSS 4.8 · AI score 6.9 · EPSS 0.00225
Exploits 0 · References 1

CNNVD
added 2025/03/13 12:0 a.m. · 1 view

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in WordPress plugin...

CVSS 7.3 · AI score 9.1 · EPSS 0.00503
Exploits 0 · References 2

CNNVD
added 2025/02/12 12:0 a.m. · 1 view

WordPress plugin Global Gallery code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 8.8 · AI score 8.7 · EPSS 0.00471
Exploits 0 · References 3

Positive Technologies
added 2025/01/25 12:0 a.m. · 2 views

PT-2025-1886 · WordPress · Brodos.Net Onlineshop Plugin

Name of the Vulnerable Software and Affected Versions: brodos.net Onlineshop Plugin plugin for WordPress versions up to, and including, 2.0.2. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 6.1 · EPSS 0.00228
Exploits 0 · References 7

Fedora
added 2024/03/14 1:39 a.m. · 19 views

[SECURITY] Fedora 38 Update: python-fastapi-0.99.0-7.fc38

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

AI score 7.4
Exploits 0

CNNVD
added 2024/03/13 12:0 a.m. · 3 views

WordPress Plugin News Announcement Scroll Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 8.8 · AI score 7.8 · EPSS 0.00773
Exploits 0 · References 4

CNNVD
added 2023/11/22 12:0 a.m. · 3 views

WordPress Plugin Popup with fancybox Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 8.8 · AI score 9.1 · EPSS 0.0078
Exploits 0 · References 4

CNNVD
added 2023/03/20 12:0 a.m. · 2 views

WordPress plugin real.Kit cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 · AI score 5.5 · EPSS 0.00471
Exploits 2 · References 2

CNNVD
added 2023/03/08 12:0 a.m. · 7 views

WordPress plugin WoodMart input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 5.3 · AI score 8.5 · EPSS 0.00523
Exploits 3 · References 3

CNVD
added 2022/03/30 12:0 a.m. · 21 views

WordPress File Upload Free and Pro plugin path traversal vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source WordPress application plugin. A path traversal vulnerability exists in the WordPress Fil...

CVSS 8.8 · AI score 7.1 · EPSS 0.02849
Exploits 2 · References 1

CNVD
added 2022/03/09 12:0 a.m. · 19 views

WordPress File Upload plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress File Upload plugin versions prior to 4.16.3 have a cross-site scripting vulnerability that stems from the plugin's failure to evade some of...

CVSS 5.4 · AI score 1.8 · EPSS 0.0077
Exploits 2 · References 1

0day.today
added 2019/09/05 12:0 a.m. · 53 views

WordPress Download Manager 2.9.93 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Download Manager Cross-site Scripting Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link:...

CVSS 4.3 · EPSS 0.12531
Exploits 6

exploitpack
added 2019/09/04 12:0 a.m. · 38 views

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link...

CVSS 4.3 · AI score 6.1 · EPSS 0.12531
Exploits 6

Exploit DB
added 2019/09/04 12:0 a.m. · 413 views

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting

Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link: https://wordpress.org/plugins/download-manager Version: 2.9.93...

CVSS 6.1 · AI score 6.5 · EPSS 0.12531
Exploits 6

WPVulnDB
added 2019/04/17 12:0 a.m. · 20 views

Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)

In the pro features of the WordPress download manager plugin, there is a Category Short-code feature which can be used to sort categories with an order-by function, which will be used as ?orderby=title,publishdate. By adding parameter " and add any XSS payload, the XSS payload will execute. To...

CVSS 4.3 · AI score 5.8 · EPSS 0.12531
Exploits 6 · References 3 · Affected Software 1

Packet Storm
added 2019/04/17 12:0 a.m. · 41 views

WordPress Download Manager 2.9.93 Cross Site Scripting

Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link: https://wordpress.org/plugins/download-manager Version: 2.9.93...

AI score 7.4
Exploits 0

CNVD
added 2015/10/04 12:0 a.m. · 2 views

Android Security Restriction Bypass Vulnerability

Android is an operating system based on the open Linux kernel, announced on November 5, 2007 by Google Inc. for cell phones. A security restriction bypass vulnerability exists in Android versions prior to 5.1.1 LMY48M, which rely on an obsolete permission name for an authorization check, which allows ...

CVSS 9.3 · AI score 6.7 · EPSS 0.00691
Exploits 0 · References 1