14 matches found
BIT-MYSQL-CLIENT-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
CVE-2026-12089
The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...
CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...
PT-2026-49072
Name of the Vulnerable Software and Affected Versions LWS Optimize – All-in-One Speed Booster & Cache Tools versions prior to 3.3.20 Description The plugin is subject to an arbitrary file read issue. This occurs because the combine current css function trusts values harvested from page HTML and...
EUVD-2026-36517
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
PT-2024-36474 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19 Description: The issue allows for Server-Side Request Forgery SSRF in the plug-in download address on the management page of the backend management system. This can be achieved within the GetSimple CMS CE...
GetSimple CMS 安全漏洞
GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS version 3.3.19, which originates from the download address of a plugin in the backend management system, and can enable server-side request forgery attacks...
GetSimple CMS 安全漏洞
GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS version 3.3.19, which stems from a vulnerability in the back-end plugin module to a server-side request forgery attack...
PT-2024-36475 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19 Description: The issue is related to Server-Side Request Forgery SSRF in the backend plugin module. This allows an attacker to forge requests from the server, potentially leading to unauthorized access or...
GetSimple CMS 安全漏洞
GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS version 3.3.19, which stems from the presence of an arbitrary code execution vulnerability that can be exploited by an attacker to implement code that can be executed...
CVE-2023-2496
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validateupload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a...
WordPress plugin Go Pricing - WordPress Responsive Pricing Tables 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Go Pricing - WordPres...
WordPress plugin Go Pricing - WordPress Responsive Pricing Tables 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Go Pricing - WordPres...
WordPress MPG Plugin <= 3.3.19 is vulnerable to SQL Injection
Software MPG Type Plugin Vulnerable versions = 3.3.19 Fixed in 3.3.20 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-33927 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ad0baec3bee8 Credits LEE SE HYOUNG hackintoanetwork Required privilege...