16 matches found
WordPress plugin WP Blockade Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress WP Blockade – Visual Page Builder plugin <= 0.9.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions <= 0.9.14...
WordPress WP Blockade plugin <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions <= 0.9.14...
CVE-2026-3480
The CVE-2026-3480 entry concerns the WordPress plugin WP Blockade (versions up to and including 0.9.14). The vulnerability is a Missing Authorization flaw in the admin_post handler for the shortcode render path. The function render_shortcode_preview() does not perform any capability checks (no cu...
CVE-2026-3480 WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter
The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview function. This function lacks any capability check...
Linux Distros Unpatched Vulnerability : CVE-2019-9656
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as...
SUSE CVE-2005-3340
The tuxpaint-import.sh script in Tux Paint tuxpaint 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors...
CVE-2022-26276
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...
OneNav Path Traversal Vulnerability
OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in index.php in OneNav v0.9.14. The vulnerability allows attackers to perform directory traversal...
UBUNTU-CVE-2019-9656
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump...
LibOFX Null Pointer Dereference Vulnerability
LibOFX is a library that allows programs to support OFX financial data bi-directional exchange command responses. A null pointer dereference vulnerability exists in the 'OFXApplication::startElement' function in the lib/ofxsgml.cpp file in LibOFX version 0.9.14. No detailed vulnerability detai...
PT-2019-19780 · Libofx +3
Name of the Vulnerable Software and Affected Versions: LibOFX version 0.9.14 Description: An issue was discovered in LibOFX. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump. Recommendations: For LibOFX versi...
SQL Injection in Cotonti
Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-4789...
Cotonti 0.9.13 - SQL Injection Vulnerability
Exploit for php platform in category web applications Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-8...
Several Vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension Formhandler (formhandler) is vulnerable to SQL-Injection and Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.14 and below Vulnerability Types: SQL...
[SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation
Debian Security Advisory DSA 941-1 [email protected] http://www.debian.org/security/ Martin Schulze January 16th, 2006 http://www.debian.org/security/faq -...