CVE-2025-14446

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

EUVD-2025-203200

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-14446

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-14446 Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

Linux Distros Unpatched Vulnerability : CVE-2018-10061

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENTQUOTES flag these calls occur when the htmlescape function in...

WordPress Magical Addons For Elementor plugin <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Text Effect Widget vulnerability discovered by João G. Barbosa 4rCanJ0x! in WordPress Plugin Magical Addons For Elementor versions = 1.1.37...

WordPress Magical Addons For Elementor Plugin <= 1.1.37 is vulnerable to Cross Site Scripting (XSS)

Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.37 Fixed in 1.1.38 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2923 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f23618a4eb9 Credits João G...

WordPress plugin Magical Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Cacti cross-site scripting vulnerability (CNVD-2018-08679)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A cross-site scripting vulnerability exists in the sanitizeuri function in versions of Cacti prior to 1.1.37, which can lead to cross-site scripting attacks...

CVE-2018-10061

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENTQUOTES flag these calls occur when the htmlescape function in lib/html.php is not used...

DEBIAN-CVE-2018-10060

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitizeuri function in lib/functions.php...