14 matches found
CVE-2026-8254 Devs Palace ERP Online sales_save cross site scripting
A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...
CVE-2026-24362
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...
WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability
Cross-Site Request Forgery in XclonerRemoteStorage:save vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions = 4.8.2...
CVE-2025-63060 WordPress KALLYAS theme < 4.25.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through 4.25.0...
CVE-2025-59585
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through = 4.0...
CVE-2025-30939
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...
CVE-2023-48278
Cross-Site Request Forgery CSRF vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...
CVE-2023-39649
Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” tvcmscategoryslider up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions...
CVE-2025-30898
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mahdi Yousefi MahdiY افزونه حمل و نقل ووکامرس پست پیشتاز و سفارشی، پیک موتوری persian-woocommerce-shipping allows Stored XSS.This issue affects افزونه حمل و نقل ووکامرس پست پیشتاز و سفارشی، پیک...
CVE-2025-26886 WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Authors publishpress-authors allows SQL Injection.This issue affects PublishPress Authors: from n/a through = 4.7.3...
WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin EventPrime versions = 4.0.4.5...
PT-2024-19643 · WordPress · Animated Headline
Name of the Vulnerable Software and Affected Versions: Animated Headline plugin for WordPress versions up to, and including, 4.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'animated-headline' shortcode. This allows...
RackN Digital Rebar 安全漏洞
RackN Digital Rebar is a platform from RackN, Inc. extends IaC automation with reusable workflows that can be deployed on any platform. A security vulnerability exists in RackN Digital Rebar versions 4.6.14 and earlier, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through...
CVE-2021-38330
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4...