
14 matches found

Patchstack
added yesterday · 6 views

WordPress Slideshow Gallery LITE plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Slideshow Gallery versions <= 1.8.5...

CVSS 6.4 · AI score 5.2
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2026/05/07 12:0 a.m. · 9 views

3D viewer – Embed 3D Models < 1.8.6 - Missing Authorization

Description The 3D viewer – Embed 3D Models plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...

CVSS 4.3 · AI score 5.8 · EPSS 0.00141
Exploits: 0 · References: 1
Cvelist
added 2026/02/06 5:51 p.m. · 27 views

CVE-2026-24851 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check call...

CVSS 5.8 · EPSS 0.00308
Exploits: 0 · References: 2
EUVD
added 2026/02/06 5:51 p.m. · 9 views

EUVD-2026-5633

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check call...

CVSS 5.8 · AI score 5.4 · EPSS 0.00308
Exploits: 0 · References: 2
OSV
added 2026/02/05 9:46 p.m. · 8 views

GHSA-JQ9F-GM9W-RWM9 OpenFGA Improper Policy Enforcement

Impact: OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check calls are executed. Affected Users: Users are affected by this vulnerability if all of the following preconditions are met: -...

CVSS 5.8 · AI score 5.5 · EPSS 0.00308
Exploits: 0 · References: 5
CVE
added 2025/11/05 7:27 a.m. · 13 views

CVE-2025-12675

CVE-2025-12675 concerns the KiotViet Sync WordPress plugin (versions up to and including 1.8.5). The vulnerability arises from a missing capability check in saveConfig(), allowing authenticated attackers with Subscriber-level access or higher to modify the plugin configuration. Multiple sources c...

CVSS 4.3 · AI score 4.7 · EPSS 0.00164
Exploits: 0 · References: 2
Patchstack
added 2025/11/05 1:30 a.m. · 7 views

WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Webhook Key Exposure vulnerability

Unauthenticated Webhook Key Exposure vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions <= 1.8.5...

CVSS 5.3 · AI score 6.7 · EPSS 0.00223
Exploits: 0 · References: 1 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-49930

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.00276
Exploits: 0 · References: 1
CNNVD
added 2025/09/11 12:0 a.m. · 1 views

WordPress plugin ThemeLoom Widgets Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...

CVSS 6.4 · AI score 5.7 · EPSS 0.0018
Exploits: 0 · References: 2
Github Security Blog
added 2024/08/05 9:29 p.m. · 17 views

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter [0] in all of its links for 1-click previews. The context in which src is being appended is innerHTML [1], which will insert th...

CVSS 6.1 · AI score 6.3 · EPSS 0.00447
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2023/08/14 3:15 p.m. · 2 views

CVE-2023-30754

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin <= 1.8.5 versions...

CVSS 6.1 · AI score 7.3 · EPSS 0.00382
Exploits: 0 · References: 1
OSV
added 2023/01/23 6:15 p.m. · 1 views

CVE-2023-23687

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-19131 · Unknown · Youtube Shortcode

Name of the Vulnerable Software and Affected Versions: Youtube shortcode versions = 1.8.5 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or...

CVSS 6.5 · AI score 5.2 · EPSS 0.00393
Exploits: 0 · References: 4
OSV
added 2019/09/25 3:15 p.m. · 1 views

ALPINE-CVE-2019-13627

It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Versions affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7...

CVSS 6.3 · AI score 6.9 · EPSS 0.0051
Exploits: 0 · References: 1