356 matches found
CVE-2025-62956
CVE-2025-62956 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Reloadly Reloadly-topup-widget (Reloadly plugin) that allows Stored XSS. Public descriptions indicate this affects Reloadly versions from n/a through <= 2.0.1. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S...
WordPress plugin Reloadly 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site...
CVE-2025-12072 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update
The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...
PT-2025-43670
Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0 Description The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...
EUVD-2025-35418
Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...
CVE-2025-22166
This High severity DoS Denial of Service vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
WordPress Rich Snippet Site Report plugin <= 2.0.0105 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by johska in WordPress Theme Rich Snippet Site Report versions = 2.0.0105...
mailgen 跨站脚本漏洞
mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.31 and earlier, which stems from the generatePlaintext method not properly filtering HTML tags when processing user-generated content, which could lead to...
CVE-2025-52634
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0...
EUVD-2025-32568
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...
EUVD-2025-29676
Malicious code in bioql PyPI...
EUVD-2025-31254
Malicious code in bioql PyPI...
CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...
IBM Planning Analytics Local 安全漏洞
IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13, which stems from improper input validation and could result in...
CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion
Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...
CVE-2025-57929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...
CVE-2025-57929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...
CVE-2025-57906 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through = 2.0.6...
PT-2025-38800
Name of the Vulnerable Software and Affected Versions Glen Scott Plugin Security Scanner versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...
PT-2025-38510
Name of the Vulnerable Software and Affected Versions Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...