11 matches found
CVE-2026-45343
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...
CVE-2026-6978
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
CVE-2026-39662
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...
JIZHICMS 安全漏洞
JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. JIZHICMS versions 2.5.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by insufficient input cleaning in the publish function of the app/home/c/UserController.php file,...
CVE-2025-64243 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...
WordPress plugin All-in-One Addons for Elementor – WidgetKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin wp-connect 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-5956 · Unknown · Phillip.Gooch Auto Seo
Name of the Vulnerable Software and Affected Versions: Phillip.Gooch Auto SEO versions n/a through 2.5.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...
Red Hat OpenShift Service Mesh 环境问题漏洞
Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. An environment issue vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from incorrect HTTP header handling ...
PT-2024-38379 · WordPress · Forms For Mailchimp By Optin Cat
Name of the Vulnerable Software and Affected Versions: The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress versions up to, and including, 2.5.6 Description: The issue is related to Stored Cross-Site Scripting via the form color parameters due to insufficient input...
ASP4CMS AspCMS Elevation of Privilege Vulnerability
ASP4CMS AspCMS is China's ASP4CMS open source laboratory of a free enterprise website construction system . The system supports customized templates and plug-in extensions and other features. ASP4CMS AspCMS 2.5.6 version of a security vulnerability , the vulnerability stems from the /member/reg.a...