18 matches found
CVE-2026-25316
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection. This issue affects CartFlows: from n/a through <= 2.1.19...
CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection. This issue affects CartFlows: from n/a through <= 2.1.19...
CVE-2026-25316
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection. This issue affects CartFlows: from n/a through <= 2.1.19...
CVE-2025-13835 WordPress Arconix Shortcodes plugin <= 2.1.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through <= 2.1.20...
CVE-2025-13835
CVE-2025-13835 describes a stored XSS vulnerability in the WordPress plugin Arconix Shortcodes (versions up to 2.1.19). The issue arises from improper neutralization/escaping of user input during web page generation, allowing an attacker to inject and execute arbitrary script when the flawed sho...
PT-2025-48534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.19...
CVE-2025-12846
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...
WordPress plugin Blocksy Companion code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
EUVD-2023-31232
Malicious code in bioql PyPI...
Rhymix security vulnerability
Rhymix is an open source CMS and framework from Rhymix Inc. A security vulnerability exists in Rhymix version 2.1.19, which stems from a server-side request forgery vulnerability in the backend import data function...
PT-2024-36476 · Rhymix · Rhymix
Name of the Vulnerable Software and Affected Versions: Rhymix version 2.1.19. Description: The issue is related to Server-Side Request Forgery (SSRF) in the background import data function. This means that an attacker could potentially forge requests from the server, leading to unauthorized access t...
PT-2024-12133 · Unknown · Total Theme
Name of the Vulnerable Software and Affected Versions: Total versions prior to 2.1.19. Description: The issue allows authenticated users to activate arbitrary plugins due to missing authorization, exploiting incorrectly configured access control security levels. Recommendations: Update to Total...
WordPress GTM Server Side Plugin <= 2.1.19 is vulnerable to Cross Site Scripting (XSS)
Software: GTM Server Side; Type: Plugin; Vulnerable versions: <= 2.1.19; Fixed in: 2.1.20; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8712; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: cddfd6eae0a1; Credits: vgo0; Required...
PT-2024-39192 · WordPress · Gtm Server Side
Name of the Vulnerable Software and Affected Versions: GTM Server Side plugin for WordPress versions up to, and including, 2.1.19. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows unauthenticate...
Elite Bulletin Board SQL Injection Vulnerability
Elite Bulletin Board is an advanced Bulletin Board program that provides advanced features such as CAPTCHA, sub-board, skinning ability, multilingual, commercial password encryption, and much more...
CVE-2011-2546
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669...