EUVD-2026-9781

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This issue affects Little Birdies: from n/a through = 1.3.16...

CVE-2026-28129 WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This issue affects Little Birdies: from n/a through = 1.3.16...

CVE-2025-14548

Summary (CVE-2025-14548) : The Calendar WordPress plugin is affected up to version 1.3.16. The vulnerability is a Stored Cross-Site Scripting (XSS) via the event_desc parameter caused by insufficient input sanitization and output escaping. The issue is exploitable by authenticated attackers with ...

EUVD-2025-27455

Malicious code in bioql PyPI...

CVE-2025-30875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS.This issue affects WP Weixin: from n/a through = 1.3.16...

CVE-2025-30875 WordPress WP Weixin plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS.This issue affects WP Weixin: from n/a through = 1.3.16...

CVE-2025-30875

CVE-2025-30875 applies to WordPress plugin WP Weixin by Alexandre Froger, vulnerable to Stored XSS via improper input neutralization during web page generation. Affected: WP Weixin versions n/a through 1.3.16. CVSS v3.1 metrics: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; base score 5.9 (Medium). Exploi...

WordPress plugin WP Weixin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

PT-2025-36755

Name of the Vulnerable Software and Affected Versions: Alexandre Froger WP Weixin versions through 1.3.16 Description: The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Stored Cross-site Scripting XSS. Recommendations: Update Alexandre Froger W...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices prior to version 1.3.16, which stems from a Blockchain Keystore containing an improperly...

WordPress Appointment Hour Booking Plugin < 1.3.16 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dwbooster:appointmenthourbooking"; ifdescription...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:1014-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...

OPENSUSE-SU-2021:0974-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0942-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0931-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-35730 NVD : 6.1...

Vulnerability fixed in Roundcube

A vulnerability has been found in Roundcube. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. With the exploitation of this...

[SECURITY] [DSA 4821-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4821-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2020 https://www.debian.org/security/faq -...

CVE-2020-35730

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php...

CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...

CVE-2017-18544

The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF...