11 matches found
CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...
CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...
WordPress plugin Prodigy Commerce security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-3491
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acptvalidatesetting' function. This is due to insufficient sanitization of the 'templatename' parameter. This makes it possib...
PT-2025-17949 · WordPress · Add Custom Page Template Plugin
Name of the Vulnerable Software and Affected Versions: Add custom page template plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to PHP Code Injection leading to Remote Code Execution due to insufficient sanitization of the template name parameter. This ...
PT-2024-20870 · Redaxo · Redaxo
Name of the Vulnerable Software and Affected Versions: Redaxo version 5.15.1 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. Recommendations: For Redaxo version...
CVE-2022-28864
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...
Octopus Deploy XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Octopus Deploy allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter...
CVE-2017-16801
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter...
CVE-2004-2493
The CVE-2004-2493 entry describes a directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai. A remote authenticated attacker can read arbitrary .html files through the template name parameter. Affected software components are the ...