570 matches found
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...
Java-springboot-codebase 1.1 - Arbitrary File Read
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
CVE-2026-56049
CVE-2026-56049 affects WordPress Post Snippets plugin and is a Remote Code Execution vulnerability in versions
EUVD-2026-39380
Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...
CVE-2026-56049 WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...
Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition
GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition EE and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...
PT-2026-52431
Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...
CVE-2026-7430
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
CVE-2026-5748
The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ts shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2026-8832
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...
CVE-2026-7430
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
CVE-2026-7430
The CVE-2026-7430 affects the Post Snippets WordPress plugin (versions up to and including 4.0.19). The root cause is insufficient output escaping when importing snippets, where content is embedded directly into JavaScript strings in WPEditor.php (jqueryUiDialog) and bypasses wp_magic_quotes(), e...
CVE-2026-7430 Post Snippets <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
CVE-2026-7430
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
CVE-2026-7430 Post Snippets <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
EUVD-2026-33246
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
PT-2026-44745
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
WordPress plugin Post Snippets 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Post Snippets – Custom WordPress Code Snippets Customizer plugin <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by a1batr0ss in WordPress Plugin Post Snippets versions = 4.0.19...
EUVD-2026-32534
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...