WordPress plugin Le Truffe 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Unitree Go2 访问控制错误漏洞

The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. Versions 1.1.7 to 1.1.9, as well as version 1.1.11 of Unitree Go2, have vulnerabilities related to access control. These vulnerabilities stem from the lack of DDS authentication or authorization for the Eclipse CycloneDDS...

WordPress plugin FreightCo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Couponer for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Couponer for Elementor versions = 1.1.7...

EUVD-2025-204705

Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through 1.1.7...

CVE-2025-66165

Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through = 1.1.7...

WordPress plugin Document Library Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-51441

Name of the Vulnerable Software and Affected Versions Barn2 Plugins Document Library Lite versions through 1.1.7 Description The Document Library Lite plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This specif...

WordPress plugin Multi Uploader for Gravity Forms 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

PT-2025-42237

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVE-2025-48349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery smart-grid-gallery allows Stored XSS.This issue affects Video Gallery – Vimeo and YouTube Gallery: from n/a through = 1.1.7...

Havalite CMS 安全漏洞

Havalite CMS is a content management system for Havalite Personal Developers. A security vulnerability exists in Havalite CMS version 1.1.7 and earlier, which stems from insufficient file upload validation and could lead to remote code execution...

WordPress Lettery <= 1.1.7 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Lettery versions = 1.1.7...

WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WIP WooCarousel Lite versions = 1.1.7...

PT-2025-2476 · Unknown · Blossom Shop

Name of the Vulnerable Software and Affected Versions: Blossom Shop versions 1.1.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into...

PT-2024-29786 · WordPress · Affieasy

Name of the Vulnerable Software and Affected Versions: AffiEasy plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to Cross-Site Request Forgery. This occurs because the plugin improperly releases the tagged and patched version, using the vulnerable versio...

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-21290 +1 more via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-21290, CVE-2022-24823 Source advisory: OSV:GHSA-5MCR-GQ6C-3HQ2...