22 matches found
CVE-2026-42738
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...
CVE-2026-42746
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42746 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2025-15635
Cross-Site Request Forgery CSRF vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-1674
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-1674 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-24802
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in briandilley jsonrpc4j src/main/java/com/googlecode/jsonrpc4j modules. This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0...
CVE-2026-24802 Buffer Overflow Vulnerability in briandilley/jsonrpc4j
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in briandilley jsonrpc4j src/main/java/com/googlecode/jsonrpc4j modules. This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0...
CVE-2025-53456 WordPress SEO Backlink Monitor Plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0...
CVE-2025-53456 WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Cross Site Request Forgery.This issue affects SEO Backlink Monitor: from n/a through = 1.8.0...
PT-2025-35023
Name of the Vulnerable Software and Affected Versions: WP Smart Widgets Better Post & Filter Widgets for Elementor versions through 1.6.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS...
CVE-2025-30929
Missing Authorization vulnerability in amazewp fluXtore fluxtore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fluXtore: from n/a through = 1.6.0...
WordPress plugin fluXtore 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-54280
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0...
WordPress MC4WP: Mailchimp Top Bar plugin <= 1.6.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin MC4WP: Mailchimp Top Bar versions = 1.6.0...
PT-2024-39195 · WordPress · Simple Ldap Login
Name of the Vulnerable Software and Affected Versions: Simple LDAP Login plugin for WordPress versions up to, and including, 1.6.0 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This allows unauthenticated...
CVE-2024-33589
Missing Authorization vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.6.0...
PT-2023-31394 · Unknown · Twinpictures Annual Archive
Name of the Vulnerable Software and Affected Versions: Twinpictures Annual Archive versions n/a through 1.6.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...
PT-2023-29265 · Unknown · Jeecgboot Jimureport
Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 1.6.0 Description: A critical issue was found in the Template Handler component, allowing for remote injection attacks. The exploit has been disclosed publicly. Recommendations: For jeecgboot JimuReport...