225 matches found
PT-2025-4583 · Unknown · Yamna Khawaja Mailing Group Listserv
Name of the Vulnerable Software and Affected Versions: Yamna Khawaja Mailing Group Listserv versions n/a through 2.0.9 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Reflected XSS...
PT-2025-4716 · Unknown · Robert Peake Responsive Flickr Slideshow
Name of the Vulnerable Software and Affected Versions: Robert Peake Responsive Flickr Slideshow versions n/a through 2.6.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This means that...
PT-2025-2085 · Unknown · Opigno Group Manager
Name of the Vulnerable Software and Affected Versions: Opigno group manager versions 0.0.0 through 3.1.1 Description: The issue is related to the improper neutralization of directives in statically saved code, also known as 'static code injection', which allows for PHP Local File Inclusion in the...
PT-2025-4541 · Addfunc · Addfunc Mobile Detect
Name of the Vulnerable Software and Affected Versions: AddFunc Mobile Detect versions n/a through 3.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Stored XSS in AddFunc Mobile Detect...
PT-2025-4509 · Unknown · Hitesh Patel Metadata Seo
Name of the Vulnerable Software and Affected Versions: Hitesh Patel Metadata SEO versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker ca...
PT-2025-1804 · WordPress · Infility Global
Name of the Vulnerable Software and Affected Versions: Infility Global plugin for WordPress versions up to, and including, 2.9.8 Description: The issue is related to Reflected Cross-Site Scripting via the set type parameter due to insufficient input sanitization and output escaping. This allows...
PT-2025-3218 · Themelooks · Themelooks Enter Addons
Name of the Vulnerable Software and Affected Versions: ThemeLooks Enter Addons versions n/a through 2.1.9 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...
PT-2025-1505 · Unknown · Freesoul Deactivate Plugins
Name of the Vulnerable Software and Affected Versions: Freesoul Deactivate Plugins – Plugin manager and cleanup versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Thi...
PT-2025-3231 · Unknown · Interactive Uk Map
Name of the Vulnerable Software and Affected Versions: Interactive UK Map versions n/a through 3.4.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicious...
PT-2025-32391 · Gnu +1 · Gnu Cflow +1
Name of the Vulnerable Software and Affected Versions: GNU cflow versions up to 1.8 Description: A problematic issue exists in GNU cflow due to a null pointer dereference in the yylex function within the c.c file of the Lexer component. This issue can be exploited locally. The exploit has been...
PT-2024-17132 · WordPress · Wp-Publications
Name of the Vulnerable Software and Affected Versions: wp-publications WordPress plugin versions 1.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example i...
PT-2024-27868 · Agency · Dominion Fusion
Name of the Vulnerable Software and Affected Versions: Agency Dominion Fusion versions n/a through 1.6.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...
PT-2024-36648 · 搜狐畅言 · 搜狐畅言
Name of the Vulnerable Software and Affected Versions: 搜狐畅言 畅言评论系统 versions n/a through 2.0.5 Description: The issue is related to a missing authorization vulnerability that allows the exploitation of incorrectly configured access control security levels. Recommendations: For versions n/a through...
PT-2024-16726 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.19 Description: The issue is related to Stored Cross-Site Scripting via the calculations parameter due to insufficient input...
PT-2024-16910 · WordPress · Accounting For Woocommerce
Name of the Vulnerable Software and Affected Versions: Accounting for WooCommerce plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...
PT-2024-9438 · I O Data Device · Ud-Lt1/Ex +1
Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.9 and earlier I-O Data Device UD-LT1/EX versions 2.1.9 and earlier Description: The issue allows a remote authenticated attacker with an administrative account to execute arbitrary OS commands. This is due ...
PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit
Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...
PT-2024-35502 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.0.2 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
PT-2024-35275 · W3 Eden · W3 Eden
Name of the Vulnerable Software and Affected Versions: W3 Eden, Inc. Premium Packages versions n/a through 5.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2024-34913 · Unknown · Elementsready Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions n/a through 6.4.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...