WordPress Open User Map PRO plugin <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Hunter Jensen skid in WordPress Plugin Open User Map PRO versions = 1.4.31...

CVE-2026-2827

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress plugin Open User Map PRO 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

lighttpd 1.4.31 http_request_split_value Function Header Handling DoS

According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the httprequestsplitvalue function in 'src/request.c' can cause the application to enter an endless loop when handling specially...

Memcached Server Update Remote Code Execution Vulnerability

Summary Multiple integer overflows in processbinupdate function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv3...

[SECURITY] [DSA 3489-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3489-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 23, 2016 https://www.debian.org/security/faq -...

Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)

One important denial of service in 1.4.31 fix: CVE-2012-5533. A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd such as 'Connection: TE,,Keep-Alive'...

lighttpd 1.4.31 http_request_split_value Function Header Handling DoS

According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the httprequestsplitvalue function in 'src/request.c' can cause the application to enter an endless loop when handling specially...