WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.15 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by darkmode in WordPress Plugin Ad Inserter versions = 2.8.15...

CVE-2026-9280

CVE-2026-9280 affects the Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress. The issue is a Reflected Cross‑Site Scripting (XSS) vulnerability in URL parameters when iframe mode is enabled (AI_OPTION_IFRAME) on at least one ad block. It impacts all versions up to and including 2.8.15, s...

EUVD-2026-34945

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through = 2.9.0...

PT-2025-14937 · Unknown · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms versions n/a through 2.8.15 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...

WordPress plugin BuddyForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress Frontend Content Forms for User Submissions (UGC) plugin <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buddyformsnav' Shortcode vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions = 2.8.15...

CVE-2024-11107

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

WordPress plugin Campaign Monitor for WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-37725 · WordPress · Campaign Monitor

Name of the Vulnerable Software and Affected Versions: Campaign Monitor for WordPress plugin for WordPress versions up to, and including, 2.8.15 Description: The issue is due to the plugin not properly restricting direct access to "/forms/views/admin/create.php" and display errors being enabled...

PT-2021-8091 · Unknown +6 · Ansible Engine +6

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions prior to 2.8.15 Description: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The...