39 matches found
WordPress Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin <= 2.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress Team Members – GS Plugins versions <= 2.5.8...
CVE-2025-15599 DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like in attribute...
CVE-2026-23547 WordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8...
CVE-2026-23547
CVE-2026-23547 : WordPress CMSMasters Content Composer plugin
WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions <= 2.5.8...
CVE-2025-67554 WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS. This issue affects Cookie Notice & Compliance for GDPR / CCPA: from n/a through <= 2.5.8...
CVE-2025-11186
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
EUVD-2025-198531
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
PT-2025-47823
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
EUVD-2025-38045
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Revolution revolution. This issue affects Revolution: from n/a through 2.5.8...
CVE-2025-62066
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Revolution revolution. This issue affects Revolution: from n/a through 2.5.8...
CVE-2025-62066 WordPress Revolution theme < 2.5.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Revolution revolution. This issue affects Revolution: from n/a through 2.5.8...
EUVD-2023-26824
Malicious code in bioql PyPI...
OpenVPN ovpn-dco-win security vulnerability
OpenVPN ovpn-dco-win is a virtual network adapter on Windows from OpenVPN. A security vulnerability exists in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier, which stems from a kernel driver buffer overflow that could cause a system crash...
CVE-2022-3978
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this...
WordPress WP AdCenter plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin WP AdCenter versions <= 2.5.8...
CVE-2025-30372
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. searchcontroller.php does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potentia...
CVE-2025-22284
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through ...
CVE-2025-22284
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8...
PT-2025-6946 · Unknown · Ltl Freight Quotes – Unishippers Edition
Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – Unishippers Edition versions 2.5.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in LTL Freight Quotes – Unishippers Edition, which allows exploiting incorrectly configured access...