Linux Distros Unpatched Vulnerability : CVE-2017-9471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via ...

CVE-2025-53204

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through = 1.9.2...

CVE-2025-53204

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through = 1.9.2...

CVE-2025-53204

CVE-2025-53204 is a Local File Inclusion vulnerability in the WordPress plugin Event List (ovatheme eventlist) affecting versions up to 1.9.2, caused by improper filename control for include/require statements. The vulnerability enables LFI and has a high impact (CVSS 3.1: 8.1). The issue is list...

CVE-2025-53204 WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme eventlist allows PHP Local File Inclusion. This issue affects eventlist: from n/a through 1.9.2...

CVE-2025-53204 WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through = 1.9.2...

WordPress plugin eventlist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-33970 · Unknown · Ovatheme Eventlist

Name of the Vulnerable Software and Affected Versions: ovatheme eventlist versions through 1.9.2 Description: This issue involves an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion, in ovatheme eventlist. This allows for PHP Local File...

WordPress plugin Qi Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin ListingEasy 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress ListingEasy theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Theme ListingEasy versions = 1.9.2...

WordPress plugin Image Cleanup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2025-49299

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPlugged.com WebHotelier webhotelier allows Stored XSS.This issue affects WebHotelier: from n/a through = 1.9.2...

CVE-2025-49299

CVE-2025-49299 is a Stored XSS in WebHotelier for WordPress (WebHotelier) affecting up to version 1.9.2 . The root cause is improper input neutralization during web page generation . The vulnerability is noted as patched in version 1.9.2 ; CVSSv3.1 base score is 6.5 (Medium) . Action: upgrade to ...

CVE-2025-49299 WordPress WebHotelier plugin <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPlugged.com WebHotelier webhotelier allows Stored XSS.This issue affects WebHotelier: from n/a through = 1.9.2...

WordPress WebHotelier plugin <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin WebHotelier versions = 1.9.2...

CVE-2024-24880

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2...

CVE-2024-38785

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.2...

CVE-2016-15010

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be...

CVE-2025-4419

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...