35 matches found
WordPress Drone theme <= 1.40 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Drone versions <= 1.40...
HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2018-7117)
A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
EUVD-2019-2736
Malware in sbrugna...
EUVD-2025-9080
Malicious code in bioql PyPI...
CVE-2025-30971
CVE-2025-30971 (XV Random Quotes) is an SQL Injection in the XV Random Quotes WordPress plugin. The vulnerability arises from improper input handling, affecting XV Random Quotes versions up to 1.40 (n/a–1.40). It is rated CRITICAL (CVSS 3.1: 9.3) with NETWORK attack vector and HIGH confidentialit...
WordPress XV Random Quotes plugin <= 2.6.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Bob Matyas in WordPress Plugin XV Random Quotes versions <= 2.6.0...
WordPress plugin XV Random Quotes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin XV Random Quotes cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-13455
The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbicalendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin igumbi Online Booking cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-8853
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a...
WordPress Webo-facto plugin <= 1.40 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by István Márton in WordPress Plugin Webo-facto versions <= 1.40...
PT-2024-39277 · WordPress · Webo-Facto
Name of the Vulnerable Software and Affected Versions: Webo-facto plugin for WordPress versions up to, and including, 1.40. Description: The Webo-facto plugin for WordPress has a privilege escalation issue due to insufficient restriction on the doSsoAuthentification function. This allows...
WordPress plugin Webo-facto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-45360
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers...
CVE-2023-45362
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser aka "X intermediate revisions by the same user not shown" ignores username suppression. This is an information leak...
PT-2023-8948 · Mediawiki +2 · Wikibase +2
Name of the Vulnerable Software and Affected Versions: Wikibase extension for MediaWiki versions 1.35.x through 1.35.11; Wikibase extension for MediaWiki versions 1.36.x through 1.39.4; Wikibase extension for MediaWiki versions 1.40.x through 1.40.0. Description: An issue was discovered in the...
CVE-2022-21805
Reflected cross-site scripting vulnerability in the attached file name of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-22142
Reflected cross-site scripting vulnerability in the checkbox of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Reflected cross-site scripting vulnerability in the attached file name of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...