51 matches found
Wireshark 2.2.x < 2.2.14 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.2.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.14 advisory. - The MP4 dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto...
CVE-2025-14283
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
CVE-2025-14283
CVE-2025-14283 - BlockArt Blocks (WordPress plugin): A stored XSS vulnerability in BlockArt Counter is caused by insufficient input sanitization and output escaping on user-supplied attributes. It affects BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections &...
EUVD-2025-28203
Malicious code in bioql PyPI...
EUVD-2024-17275
Malicious code in bioql PyPI...
WordPress plugin Kids Planet code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2020-22732
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions File Picker...
CVE-2020-23240
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature...
WordPress Kids Planet Theme <= 2.2.14 is vulnerable to PHP Object Injection
Software: Kids Planet | Type: Theme | Vulnerable versions: <= 2.2.14 | Fixed in: 2.2.14.1 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2025-48289 | Patch priority: High | CVSS severity: High (9.8) | PSID: bcc60af9dea2 | Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
DEBIAN-CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
Rack security vulnerability
Rack is a modular Ruby web server interface open-sourced by Rack. A security vulnerability exists in versions of Rack prior to 2.2.14 that stems from a session recovery issue that could lead to an unauthorized user occupying a session...
WordPress School Management System – WPSchoolPress plugin <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection vulnerability
Authenticated (Student/Parent+) SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin WPSchoolPress (versions <= 2.2.14)...
CVE-2024-12332
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
WordPress plugin WPSchoolPress SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
WordPress EventON Plugin <= 2.2.14 is vulnerable to Cross Site Scripting (XSS)
Software: EventON | Type: Plugin | Vulnerable versions: <= 2.2.14 | Fixed in: 2.2.15 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-33940 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 63d47ec77b3d | Credits: Van Lyubov | Required privilege: Administrator...
CVE-2024-1528
CMS Made Simple version 2.2.14 does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...
CVE-2024-1527
CMS Made Simple 2.2.14 has an Unrestricted File Upload vulnerability (CVE-2024-1527). An authenticated user can bypass upload protections and potentially upload a webshell to achieve remote command execution. Multiple sources (NVD entry) describe the impact as high to critical with high confident...
CVE-2024-1527 Unrestricted Upload of File with Dangerous Type in CMS Made Simple
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially achieve remote command execution via a webshell...