8 matches found
Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...
CVE-2025-65186
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...
EUVD-2024-47571
Malicious code in bioql PyPI...
CVE-2024-6482
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...
WordPress Login with phone number plugin <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation vulnerability
Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Login with phone number versions <= 1.7.49...
CVE-2024-6482
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...
CVE-2024-6482 Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...
WordPress plugin Login with phone number security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...