PT-2026-2841
The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowed-hosts' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Appointify plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by 0xVenus in WordPress Plugin Appointify versions <= 1.0.8...
WordPress Quantic Social Image Hover plugin <= 1.0.8 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Quantic Social Image Hover versions <= 1.0.8...
CVE-2025-59129
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in appointify Appointify appointify allows Blind SQL Injection. This issue affects Appointify: from n/a through = 1.0.8...
WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Invelity SPS connect versions <= 1.0.8...
very_good_package (>=1.0.8 <=1.0.12) potentially affected by unknown CVE via testing054dfas (=0.0.1-security)
testing054dfas NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on testing054dfas and may be impacted: - very_good_package >=1.0.8, <=1.0.12 Source cves: unknown CVE Source advisory: OSV:MAL-2025-36728...
WordPress Arielbrailovsky-Viralad plugin <= 1.0.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by siyuan shao in WordPress Plugin ArielBrailovsky-ViralAd versions <= 1.0.8...
WordPress My Quota plugin <= 1.0.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin My Quota versions <= 1.0.8...
CVE-2024-13511
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settingsinit function, which processes a reset action based on specific query...
WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter vulnerability discovered by SOPROBRO in WordPress Plugin MyBookProgress by Stormhill Media versions <= 1.0.8...
PT-2025-4562 · Unknown · Icons Enricher
Name of the Vulnerable Software and Affected Versions: Icons Enricher versions 1.0.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts...
PT-2024-13808 · Webflow · Webflow Pages
Name of the Vulnerable Software and Affected Versions: Webflow Pages versions 1.0.0 through 1.0.8 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.0.0 through...
PT-2024-35875 · Softhopper · Softhopper Softtemplates For Elementor
Name of the Vulnerable Software and Affected Versions: SoftHopper Softtemplates For Elementor versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means tha...
PT-2024-30887 · Truepush · Truepush
Name of the Vulnerable Software and Affected Versions: Truepush versions 1.0.0 through 1.0.8 Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.0.0 through 1.0....
PT-2024-14124 · Unknown · Universal Passport Rx
Name of the Vulnerable Software and Affected Versions: UNIVERSAL PASSPORT RX versions 1.0.0 through 1.0.8 Description: A cross-site scripting issue exists, which may allow a remote authenticated attacker with administrative privileges to execute an arbitrary script on the user's web browser...
WordPress plugin BlogLentor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
PT-2024-23013 · WordPress · Dracula Dark Mode
Name of the Vulnerable Software and Affected Versions: Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress versions 1.0.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS)...
PT-2024-16793 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue has been found, affecting the function index of the file /application/plugins/controller/Upload.php. This leads to unrestricted upload and can be exploited remotely. The issue has been...
PT-2024-14482 · Unknown · Woocommerce Tranzila Payment Gateway
Name of the Vulnerable Software and Affected Versions: WooCommerce Tranzila Payment Gateway versions 1.0.8 and earlier Description: The issue is related to the deserialization of untrusted data in the Anton Bond WooCommerce Tranzila Payment Gateway. Recommendations: For versions 1.0.8 and earlier...
CVE-2023-41128
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS. This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8...