31 matches found
CVE-2026-5502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor_update_course_content_order function. The function only validates the...
CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb->prepare. This makes it possible for authenticat...
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability
Authenticated Admin+ SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions <= 3.9.8...
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability
Authenticated Subscriber+ Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability discovered by momopon1415 in WordPress Plugin Tutor LMS versions <= 3.9.8...
PT-2026-33407
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb->prepare. This makes it possible for authenticat...
CVE-2026-25406
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse. This issue affects Tutor LMS Pro: from n/a through <= 3.9.8...
EUVD-2023-43350
Malicious code in bioql PyPI...
CVE-2024-32580
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.9.8...
CVE-2024-1425
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...
CVE-2024-31215
Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
CVE-2025-23740
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zbynek Nedoma Easy School Registration easy-school-registration allows Reflected XSS. This issue affects Easy School Registration: from n/a through <= 3.9.8...
CVE-2025-23740 WordPress Easy School Registration plugin <= 3.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zbynek Nedoma Easy School Registration easy-school-registration allows Reflected XSS. This issue affects Easy School Registration: from n/a through <= 3.9.8...
PT-2025-1624 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions up to, and including, 3.9.8 Description: The issue concerns a SQL injection vulnerability via the event parameter in the eventer get attendees function. This vulnerability is due to insufficient escaping ...
WordPress plugin Eventer SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2024-31284
Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.9.8...
WordPress plugin EmbedPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
MySQL2 security vulnerability
MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.8 that stems from a prototype pollution vulnerability due to improper sanitization of input passed to fields and tables when using nestTables...
WordPress Master Slider plugin <= 3.9.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Master Slider versions <= 3.9.8...
WordPress Master Slider Plugin <= 3.9.8 is vulnerable to Cross Site Scripting (XSS)
Software: Master Slider; Type: Plugin; Vulnerable versions: <= 3.9.8; Fixed in: 3.9.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32580; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7119ccf52d56; Credits: LVT-tholv2k; Required privilege: Contribut...