60 matches found
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-1719
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
CVE-2026-1719
CVE-2026-1719 concerns the Gravity Bookings Premium WordPress plugin. Affected: Gravity Bookings Premium plugin for WordPress (versions up to and including 2.5.9). Issue: SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query, enabli...
PT-2026-37435
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
WordPress plugin Gravity Bookings Premium SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Apache OpenNLP 安全漏洞
Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. There is a security vulnerability in Apache OpenNLP, which stems from AbstractModelReader not verifying whether the counts in array assignments are non-negative or within a reasonable range. This could lea...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
XOOPS CMS SQL注入漏洞
XOOPS CMS is a modular content management system developed by the XOOPS company. Version XOOPS CMS 2.5.9 has a SQL injection vulnerability. This vulnerability stems from the cid parameter being susceptible to SQL injections, which may allow unverified attackers to manipulate database queries...
WordPress plugin Booking and Rental Manager 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-62744
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Steman Page Title Splitter page-title-splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through = 2.5.9...
CVE-2025-62744 WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Steman Page Title Splitter page-title-splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through = 2.5.9...
CVE-2025-62744 WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Steman Page Title Splitter page-title-splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through = 2.5.9...
PT-2025-54325
Name of the Vulnerable Software and Affected Versions Chris Steman Page Title Splitter versions through 2.5.9 Description The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting XSS issue. This allows for Stored XSS attacks,...
EUVD-2021-34728
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...
IntelliChoice eFORCE Software Suite 安全漏洞
IntelliChoice eFORCE Software Suite is an integrated software for public safety and law enforcement agencies from IntelliChoice USA. A security vulnerability exists in IntelliChoice eFORCE Software Suite version 2.5.9, which stems from a username enumeration issue with the UserName parameter that...
CVE-2025-11983
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
WordPress plugin WP Discourse 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...
CVE-2025-49376
The CVE-2025-49376 entry concerns the WordPress DELUCKS SEO plugin (versions up to and including 2.5.9). The underlying issue is a Missing Authorization vulnerability: a Broken Access Control flaw that allows access to functionality not properly constrained by ACLs. Affected component is the DELU...
EUVD-2021-1459
Malware in sbrugna...