PT-2025-34922 · Unknown · Alexvtn Chatbox Manager

Name of the Vulnerable Software and Affected Versions: alexvtn Chatbox Manager versions through 1.2.6 Description: The software contains a Stored Cross-Site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts...

PT-2025-34820 · WordPress · Siteseo – Seo Simplified

Name of the Vulnerable Software and Affected Versions: SiteSEO – SEO Simplified plugin for WordPress versions up to and including 1.2.7 Description: The SiteSEO – SEO Simplified plugin for WordPress is susceptible to Stored Cross-Site Scripting due to a broken preg replace expression and...

PT-2024-36233 · Unknown · Yaycommerce Brand

Name of the Vulnerable Software and Affected Versions: YayCommerce Brand versions 1.1.6 and earlier Description: The issue involves improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS vulnerability, specifically Stored XSS. This allows attackers to...

PT-2024-34724 · Elementor · Nicheaddons Restaurant & Cafe Addon For Elementor

Name of the Vulnerable Software and Affected Versions: NicheAddons Restaurant & Cafe Addon for Elementor versions 1.5.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

PT-2024-12565 · Thimpress · Thimpress Learnpress

Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress versions 4.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in ThimPress LearnPress. Recommendations: For ThimPress LearnPress versions 4.2.3 and earlier, update to a version late...

PT-2024-14100 · Wpeverest · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms versions 2.0.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in WPEverest Everest Forms. Recommendations: For versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve t...

PT-2024-19923 · Unknown · Happyforms

Name of the Vulnerable Software and Affected Versions: Happyforms versions 1.25.10 and earlier Description: The issue is related to a Missing Authorization vulnerability in Happyforms. Recommendations: For versions 1.25.10 and earlier, update to a version later than 1.25.10 to resolve the issue...

PT-2024-23444 · Unknown · Sliced Invoices

Name of the Vulnerable Software and Affected Versions: Sliced Invoices versions 3.9.2 and earlier Description: A Missing Authorization issue affects Sliced Invoices, allowing unauthorized access. The estimated number of potentially affected devices worldwide is not specified. There is no...

PT-2024-24872 · Merv Barrett · Easy Property Listings

Name of the Vulnerable Software and Affected Versions: Easy Property Listings versions 3.5.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in Merv Barrett Easy Property Listings. Recommendations: For versions 3.5.3 and earlier, update to a version later th...

PT-2024-25567 · Unknown · Kailey Lampert Mini Loops

Name of the Vulnerable Software and Affected Versions: Kailey Lampert Mini Loops versions 1.4.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

PT-2023-18467 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.5 and earlier Description: A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script and obtain sensitive information. Recommendations: For CONPROSYS HMI System CHS...

PT-2009-4665

Name of the Vulnerable Software and Affected Versions DirectAdmin versions 1.33.6 and earlier Description A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. This occurs due to a vulnerability in CMD...