28 matches found
CVE-2026-32587
Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP EasyPay: from n/a through <= 4.2.11...
WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP EasyPay versions <= 4.2.11...
PT-2026-25764
Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP EasyPay: from n/a through 4.2.11...
CVE-2025-68983
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion. This issue affects Greenmart: from n/a through <= 4.2.11...
CVE-2023-47258
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter...
Moodle < 4.1.14 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...
Fedora: Security Advisory (FEDORA-2025-04475838f9)
The remote host is missing an update for the...
WordPress plugin Slope Widgets cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-29115 · WordPress · Cm Tooltip Glossary – Powerful Glossary Plugin
Name of the Vulnerable Software and Affected Versions: CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress versions up to, and including, 4.2.11 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation when saving settings. This...
WordPress CM Tooltip Glossary plugin <= 4.2.11 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan in WordPress Plugin CM Tooltip Glossary versions <= 4.2.11...
WordPress CM Tooltip Glossary Plugin <= 4.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CM Tooltip Glossary; Type: Plugin; Vulnerable versions: <= 4.2.11; Fixed in: 4.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4086; Patch priority: Low; CVSS severity: Low (4.3); PSID: 099499e9a7ab; Credits: Benedictus Jova...
JVN#13618065: Redmine vulnerable to cross-site scripting
Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing. Impact: An arbitrary script may be executed on the web browser of the user who is using the product. Solution: Update the Software. Update the software to the latest version according to the...
CVE-2023-47260
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails...
DEBIAN-CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
UBUNTU-CVE-2023-47258
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter...
UBUNTU-CVE-2023-47260
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails...
PT-2023-9190 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11; Redmine versions 5.0.x prior to 5.0.6. Description: The issue is related to a lack of protection in the structure of web pages, allowing for cross-site scripting (XSS) attacks in the Textile formatter. This could...
PT-2023-9191 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11; Redmine versions 5.0.x prior to 5.0.6. Description: The issue is related to a component in the Redmine web application for project and task management, specifically in the Markdown formatter. It allows for...
CVE-2023-25182
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access...
Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11...