WordPress Vagaro Booking Widget plugin <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'vagarocode' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Vagaro Booking Widget versions = 0.3...

WordPress plugin Vagaro Booking Widget 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Apache Livy: Unauthorized directory access

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

CVE-2025-67485 HTTP/HTTPS Traffic Interception Bypass in mad-proxy

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...

HTTP/HTTPS Traffic Interception Bypass in mad-proxy

A vulnerability in mad-proxy versions = 0.3 allows attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic...

CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

PT-2025-4676 · WordPress · Wp Headmaster

Name of the Vulnerable Software and Affected Versions: WP Headmaster versions 0.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected XSS. This means that an attacker can inject malicious code into a website,...

Chaosblade 安全漏洞

Chaosblade is an open source experimental injection tool from ChaosBlade Open Source. A security vulnerability exists in Chaosblade versions 0.3 through 1.7.3, which stems from allowing the execution of operating system commands via the cmd parameter without authentication when using server mode...

PT-2024-13406 · Unknown · Chaosblade

Name of the Vulnerable Software and Affected Versions: Chaosblade versions 0.3 through 1.7.3 Description: The issue allows OS command execution via the cmd parameter without authentication when server mode is used. This is related to the exec.CommandContext in Chaosblade. Recommendations: For...

PT-2023-7082

Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...

CVE-2023-25470

Cross-Site Request Forgery CSRF vulnerability in Anton Skorobogatov Rus-To-Lat plugin = 0.3 versions...