Lucene search

31 matches found

NVD
added 2026/01/08 10:15 a.m. · 1 view

CVE-2025-14430

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion. This issue affects Brook: from n/a through <= 2.9.0...

8.1 CVSS · 0.00222 EPSS
Exploits 0 · References 1

Cvelist
added 2026/01/08 9:17 a.m. · 25 views

CVE-2025-14430 WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion. This issue affects Brook: from n/a through <= 2.9.0...

8.1 CVSS · 0.00222 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/01/08 12:00 a.m. · 2 views

PT-2026-1740

Name of the Vulnerable Software and Affected Versions: ThemeMove Brook - Agency Business Creative versions through 2.8.9 Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for t...

9.8 CVSS · 6.4 AI score · 0.00222 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-51979

Malicious code in bioql PyPI...

5.4 CVSS · 5.6 AI score · 0.00198 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/05/23 9:16 a.m. · 3 views

CVE-2024-5149

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

6.5 CVSS · 5.9 AI score · 0.00359 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/25 12:00 a.m. · 2 views

PT-2025-17898 · WordPress · Jobsearch Wp Job Board

Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions prior to 2.8.9 Description: The issue is related to authentication bypass due to improper configurations in the jobsearch xing response data callback, set access tokes, and google callback...

8.1 CVSS · 8.7 AI score · 0.00037 EPSS
Exploits 0 · References 11

Patchstack
added 2024/11/21 10:36 p.m. · 2 views

WordPress Ultimate Member plugin <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions <= 2.8.9...

4.3 CVSS · 7 AI score · 0.00073 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/02 12:00 a.m. · 2 views

PT-2024-22417 · WordPress · Enhanced Media Library

Name of the Vulnerable Software and Affected Versions: Enhanced Media Library plugin for WordPress versions up to, and including, 2.8.9 Description: The issue allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages via media upload functionality...

5.4 CVSS · 6.2 AI score · 0.00168 EPSS
Exploits 0 · References 4

Patchstack
added 2024/04/17 12:00 a.m. · 10 views

WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)

Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: < 2.8.9; Fixed in: 2.8.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2118; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7af0889b0efd; Credits: Dmitrii Ignatye...

5.9 CVSS · 5.7 AI score · 0.00146 EPSS
Exploits 2 · References 4 · Affected Software 1

OSV
added 2024/03/06 11:05 a.m. · 19 views

BIT-DISCOURSE-2022-36066 Discourse vulnerable to RCE via admins uploading maliciously zipped file

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1 CVSS · 8.4 AI score · 0.03273 EPSS
Exploits 0 · References 4

OSV
added 2024/03/06 11:04 a.m. · 15 views

BIT-DISCOURSE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...

4.3 CVSS · 4.4 AI score · 0.00529 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:47 a.m. · 3 views

SUSE CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8 CVSS · 8.3 AI score · 0.82379 EPSS
Exploits 7 · References 5

Positive Technologies
added 2022/11/17 12:00 a.m. · 1 view

PT-2022-25665 · Ezoic · Ezoic Plugin

Name of the Vulnerable Software and Affected Versions: Ezoic plugin versions prior to 2.8.9 Description: The issue allows for unauthenticated changes to plugin settings, leading to stored XSS. Recommendations: For Ezoic plugin versions prior to 2.8.9, update to version 2.8.9 or later to resolve t...

6.1 CVSS · 6.2 AI score · 0.0031 EPSS
Exploits 0 · References 3

CNVD
added 2022/10/08 12:00 a.m. · 25 views

Discourse input validation error vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Versions of Discourse prior to 2.8.9, and prior to 2.9.0.beta10, contain an input validation error vulnerability that could be exploited by an attacker to add large text load...

2.7 AI score · 0.00529 EPSS
Exploits 0 · Affected Software 1

OpenVAS
added 2022/10/03 12:00 a.m. · 17 views

Discourse < 2.8.9, 2.9.x - 2.9.0.beta9 RCE Vulnerability

Discourse is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.1 CVSS · 7.5 AI score · 0.03273 EPSS
Exploits 0 · References 1

OpenVAS
added 2022/10/03 12:00 a.m. · 17 views

Discourse < 2.8.9, 2.9.x - 2.9.0.beta9 Privilege Escalation Vulnerability

Discourse is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.2 CVSS · 5.2 AI score · 0.00355 EPSS
Exploits 0 · References 1

NVD
added 2022/09/29 8:15 p.m. · 19 views

CVE-2022-36068

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in...

7.2 CVSS · 0.00355 EPSS
Exploits 0 · References 3

NVD
added 2022/09/29 8:15 p.m. · 17 views

CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1 CVSS · 0.03273 EPSS
Exploits 0 · References 3

Prion
added 2022/09/29 8:15 p.m. · 20 views

Input validation

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...

4 CVSS · 4.7 AI score · 0.00529 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/09/29 8:05 p.m. · 22 views

CVE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...

4.3 CVSS · 4.9 AI score · 0.00529 EPSS
Exploits 0 · References 3