25 matches found
CVE-2026-27070
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS. This issue affects Everest Forms Pro: from n/a through 1.9.10...
EUVD-2026-13091
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS. This issue affects Everest Forms Pro: from n/a through 1.9.10...
CVE-2026-27070 WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS. This issue affects Everest Forms Pro: from n/a through 1.9.10...
WordPress plugin Everest Forms Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Kishan Vyas in WordPress Plugin Everest Forms Pro versions <= 1.9.10...
Security update for dnsdist
This update for dnsdist fixes the following issues: Update to version 1.9.10. CVE-2025-30194: illegal memory access (double-free) when processing specially crafted DoH exchanges leads to a denial-of-service (bsc1242028). CVE-2025-30193: stack exhaustion when processing too many queries on incoming TC...
UBUNTU-CVE-2025-30193
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of...
WordPress plugin Product Carousel Slider & Grid Ultimate for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...
PT-2024-17415 · WordPress · Carousel Slider & Grid Ultimate
Name of the Vulnerable Software and Affected Versions: Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress versions up to, and including, 1.9.10 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary...
WordPress plugin Marketing and SEO Booster Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2024-30915 · WordPress · Wpwax Product Carousel Slider & Grid Ultimate
Name of the Vulnerable Software and Affected Versions: wpWax Product Carousel Slider & Grid Ultimate for WooCommerce versions 1.9.10 and earlier Description: The issue is related to a Path Traversal vulnerability, which allows PHP Local File Inclusion. This vulnerability can be exploited by a...
PT-2024-34624 · WordPress · Rotating Tweets
Name of the Vulnerable Software and Affected Versions: Rotating Tweets plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rotatingtweets' due to insufficient input sanitization and output escaping on...
WordPress plugin WP Video Lightbox Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-30403 · WordPress · Wp Video Lightbox
Name of the Vulnerable Software and Affected Versions: WP Video Lightbox plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the width parameter due to insufficient input sanitization and output escaping. This allows...
WordPress Safe SVG Plugin < 1.9.10 Content-Type Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:safesvgproject:safesvg"; if(description)...
CVE-2022-47440
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions...
PT-2023-15316 · Joseph C Dolson · My Tickets
Name of the Vulnerable Software and Affected Versions: Joseph C Dolson My Tickets plugin versions <= 1.9.10 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a we...
WordPress plugin My Tickets Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
GHSA-CRHM-QPJC-CM64 Django CSRF Protection Bypass
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...