
70 matches found

VulnCheck KEV
added 2026/03/31 12:0 a.m. · 14 views

VulnCheck KEV: CVE-2025-32257

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7...

5.3 CVSS · 8.5 AI score · 0.01617 EPSS
In wild · Exploits 0 · References 2

RedhatCVE
added 2026/03/26 3:18 p.m. · 1 view

CVE-2026-30578

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary JavaScript code...

6.5 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 1

EUVD
added 2026/03/20 6:31 p.m. · 1 view

EUVD-2026-13732

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary JavaScript code...

5.9 AI score · 0.00045 EPSS
Exploits 0 · References 3

EUVD
added 2026/03/20 6:31 p.m. · 1 view

EUVD-2026-13742

File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...

5.9 AI score · 0.00093 EPSS
Exploits 0 · References 3

CNNVD
added 2026/03/20 12:0 a.m. · 3 views

File Thingie security vulnerability

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from improper handling of special filenames during the upload file function. This vulnerability may lead to cross-site scripting attacks...

6.5 CVSS · 5.6 AI score · 0.00045 EPSS
Exploits 0 · References 2

Cvelist
added 2026/03/20 12:0 a.m. · 18 views

CVE-2026-30580

File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...

0.00093 EPSS
Exploits 0 · References 2

CNNVD
added 2026/03/20 12:0 a.m. · 4 views

File Thingie security vulnerability

File Thingie is a file manager developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from improper handling of the dir parameter in GET requests, potentially leading to cross-site scripting attacks...

6.5 CVSS · 5.6 AI score · 0.00045 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/03/20 12:0 a.m. · 3 views

CVE-2026-30578

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary JavaScript code...

5.9 AI score · 0.00045 EPSS
Exploits 0 · References 3

NVD
added 2026/02/21 6:17 a.m. · 4 views

CVE-2026-27210

Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...

6.1 CVSS · 0.00028 EPSS
Exploits 0 · References 2

EUVD
added 2025/12/30 12:30 p.m. · 0 views

EUVD-2025-205721

Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Discussion Board: from n/a through <= 2.5.7...

6.5 AI score · 0.0003 EPSS
Exploits 0 · References 2

CNNVD
added 2025/12/30 12:0 a.m. · 1 view

WordPress plugin Discussion Board security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugi...

4.3 CVSS · 5.8 AI score · 0.0003 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/12/30 12:0 a.m. · 2 views

PT-2025-53904

Name of the Vulnerable Software and Affected Versions: Marketing Fire Discussion Board wp-discussion-board versions through 2.5.7 Description: An authorization issue exists in Marketing Fire Discussion Board wp-discussion-board, allowing exploitation due to incorrectly configured access control...

6.6 AI score · 0.0003 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/14 6:31 a.m. · 1 view

EUVD-2025-34142

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

3.8 CVSS · 6.2 AI score · 0.00032 EPSS
Exploits 0 · References 3

CVE
added 2025/10/14 6:0 a.m. · 6 views

CVE-2025-8594

The CVE-2025-8594 entry describes a server-side request forgery (SSRF) vulnerability in the WordPress plugin Pz-LinkCard, versions prior to 2.5.7. The issue arises because a request parameter is not validated before being used, allowing users with Contributor privileges or higher to trigger SSRF a...

3.8 CVSS · 6.3 AI score · 0.00032 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-31401

Malicious code in bioql PyPI...

4.3 CVSS · 6.5 AI score · 0.002 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2021-31145

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00257 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/08/16 11:25 a.m. · 2 views

CVE-2025-54689

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.7...

8.1 CVSS · 5.9 AI score · 0.00158 EPSS
Exploits 0 · References 1

Cvelist
added 2025/08/14 10:34 a.m. · 9 views

CVE-2025-54689 WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.7...

8.1 CVSS · 0.00158 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/08/14 12:0 a.m. · 3 views

PT-2025-33241 · Thembay · Urna

Name of the Vulnerable Software and Affected Versions: thembay Urna versions through 2.5.7 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations:...

8.1 CVSS · 6.5 AI score · 0.00158 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 10:34 a.m. · 6 views

CVE-2024-43988

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS. This issue affects Mystique: from n/a through 2.5.7...

6.5 CVSS · 6.8 AI score · 0.00211 EPSS
Exploits 0