CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

CVE-2016-20076

WordPress Simple-Backup 2.7.11 is affected by multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files via the delete_backup_file and download_backup_file parameters in tools.php. The issue arises from insufficient input validation and d...

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

CVE-2026-5333 DefaultFuction Content-Management-System tools.php command injection

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

CVE-2026-5333

CVE-2026-5333 affects DefaultFuction Content-Management-System 1.0. The issue is a command-injection vulnerability caused by manipulation of the host argument in the file /admin/tools.php. It can be exploited remotely. The connected sources consistently describe the vulnerability as affecting thi...

CVE-2026-5333 DefaultFuction Content-Management-System tools.php command injection

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

EUVD-2015-9241

Malware in sbrugna...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

NULL Pointer Dereference

PrestaShop is vulnerable to a NULL pointer dereference. The vulnerability is due to improper handling of NULL values in the mathround function within Tools.php, leading to a NULL pointer dereference. Attackers can exploit this to crash the application or potentially cause a denial of service...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

PrestaShop 安全漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop version 8.1.4, which stems from a NULL pointer dereference in the...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

PT-2024-27102

Name of the Vulnerable Software and Affected Versions: Prestashop version 8.1.4 Description: A NULL pointer dereference was identified in the math round function within Tools.php. Recommendations: For Prestashop version 8.1.4, consider disabling the math round function within Tools.php until a...

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the startdate and enddate parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. This is due to an incorrect fix of CVE-2021-34660 https://wpscan.com/vulnerability/4a4934d6-282d-4e8c-922a-6b1f12884191...

Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)

The plugin did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...

CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection...

Cross site scripting

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php editstyle id XSS...