577 matches found
CVE-2021-47841
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...
CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...
CVE-2021-47841
CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...
PT-2026-3296
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...
CVE-2025-23780
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through = 1.0.2...
CVE-2025-63040
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through = 4.0.11...
CVE-2025-63040
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through = 4.0.11...
CVE-2025-63040
CVE-2025-63040 describes a CSRF vulnerability in the WordPress plugin Post Snippets (post-snippets) that affects versions from n/a up to and including 4.0.11. The issue is attributed to Cross-Site Request Forgery in the plugin, potentially enabling unauthorized actions on behalf of an authenticat...
CVE-2025-63040 WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...
CVE-2025-63040 WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through = 4.0.11...
EUVD-2025-205999
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...
WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Post Snippets versions = 4.0.11...
PT-2025-54385
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...
WordPress plugin Post Snippets 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
CVE-2025-14166
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
EUVD-2025-202995
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
CVE-2025-14166
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
CVE-2025-14166
CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...
CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...