17 matches found
WordPress plugin Simple Fields security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
WordPress Ayo Shortcodes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ayo Shortcodes versions <= 0.2...
CVE-2025-58200 WordPress Flexible FAQ Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through <= 0.2...
CVE-2025-8688
The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Jenkins plugin Kryptowire security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
WordPress plugin WP Responsive Auto Fit Text cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
WordPress plugin Vignette Ads cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
PT-2024-34840 · Unknown · Woocommerce
Name of the Vulnerable Software and Affected Versions: Search order by product SKU for WooCommerce versions 0.2 and earlier. Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS,...
WordPress plugin Bible Text security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
WordPress Bible Text plugin <= 0.2 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Bible Text versions <= 0.2...
NVIDIA ChatRTX cross-site scripting vulnerability
NVIDIA ChatRTX is a content personalization chatbot from NVIDIA Corporation. A security vulnerability exists in NVIDIA ChatRTX version 0.2 and prior versions, which originated from a vulnerability that allows an attacker to run a malicious script in a user's browser, resulting in code execution,...
PT-2023-7082
Name of the Vulnerable Software and Affected Versions: ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0. Description: The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...
PT-2023-20310 · WordPress · Wp-Master.Ir Feed Changer & Remover
Name of the Vulnerable Software and Affected Versions: WP-master.Ir Feed Changer & Remover plugin versions 0.2 and earlier. Description: The issue is related to an authentication bypass and Cross-Site Scripting (XSS) vulnerability. This allows for potential malicious script injection, affecting the...
PT-2023-10335 · Joomla · Joomla Mod Einsatz Stats
Name of the Vulnerable Software and Affected Versions: joomla mod einsatz stats versions up to 0.2. Description: A critical issue was found, affecting the getStatsByType function in the helper.php file. The manipulation of the year argument leads to SQL injection. Recommendations: For versions up ...
Dino Path Traversal Vulnerability
Dino is an open source chat client application for desktop from the Dino DINO team. Dino suffers from a path traversal vulnerability that stems from Dino prior to 0.1.2 and 0.2 failing to properly filter for special elements in the path of a resource or file. An attacker could use this...
Anymail django-anymail Information Disclosure Vulnerability
Anymail django-anymail is an open source package that integrates multiple transactional e-mail service providers into Django's e-mail system. A security vulnerability exists in the WEBHOOK_AUTHORIZATION setting value in Anymail django-anymail versions 0.2 through 1.3. An attacker can exploit this...
Cedric Email Reader (PHP)
Version: 0.2;0.3;0.4 Website: http://www.isoca.com/ Problems: Include file local, remote. Version: 0.2;0.3 File: email.php3 version 0.2; email.php version 0.3 PHP Code: ...