19 matches found
GHSA-W3VX-52J6-9FJP NotChatbot WebChat has a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...
CVE-2025-69365 WordPress Uroan Core plugin <= 1.4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Uroan Core (uroan-core) allows Blind SQL Injection. This issue affects Uroan Core: from n/a through <= 1.4.4...
WordPress Uroan Core plugin <= 1.4.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Uroan Core versions <= 1.4.4...
WordPress Action Network plugin <= 1.4.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Action Network versions <= 1.4.4...
WordPress Jobify - Job Board WordPress Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Jobify - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 1.4.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-8318; Patch priority: Low; CVSS severity: Low 6.5; PSID: edb43386dd8c; Credits: Muhammad...
CVE-2025-52801
Missing Authorization vulnerability in VonStroheim TheBooking (thebooking) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through <= 1.4.4...
WordPress plugin amCharts: Charts and Maps cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress tagDiv Opt-In Builder plugin <= 1.4.4 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by Truoc Phan in WordPress Plugin tagDiv Opt-In Builder versions <= 1.4.4...
WordPress Block for Font Awesome plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN (Patchstack Alliance) in WordPress Plugin Block for Font Awesome versions <= 1.4.4...
WordPress Plugin Post Views Counter cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2024-22750 · Oxyextras · Oxyextras
Name of the Vulnerable Software and Affected Versions: OxyExtras versions 1.4.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For OxyExtras versions...
WordPress plugin Better Search Replace security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-29892 · Niels Van Renselaar · Open Graph Metabox Plugin
Name of the Vulnerable Software and Affected Versions: Niels van Renselaar Open Graph Metabox plugin versions <= 1.4.4 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-29124 · Rkhunter · Rkhunter
Name of the Vulnerable Software and Affected Versions: rkhunter versions 1.4.4 through 1.4.6 Description: A vulnerability was found in rkhunter (Rootkit Hunter). The issue affects an unknown function of the file /var/log/rkhunter.log, leading to sensitive information in log files. An attack mus...
WordPress plugin Custom Post Type List Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
CVE-2022-45358
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions...
AZL-44910 CVE-2021-21334 affecting package cri-o 1.30.1-1
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect...
PT-2020-19961 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions 1.4.4 and earlier Description: The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks. Recommendations: For version...
PT-2009-6629 · Httpdx · Httpdx
Name of the Vulnerable Software and Affected Versions: httpdx versions 1.4.4 and earlier Description: The issue allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. Recommendations: For httpdx versions 1.4.4 and earlier, consider restricting...