CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

WordPress StreamWeasels Twitch Integration plugin <= 1.9.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin StreamWeasels Twitch Integration versions = 1.9.2...

CVE-2026-1926

The connected PatchStack entry describes a vulnerability in WordPress Subscriptions for WooCommerce (plugin) versions

CVE-2025-62736

Missing Authorization vulnerability in opicron Image Cleanup image-cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Cleanup: from n/a through = 1.9.2...

WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...

Logrus 安全漏洞

Logrus is a logging library for Go by the individual developer Simon Eskildsen. A security vulnerability exists in Logrus versions prior to 1.8.3, 1.9.0, and 1.9.2, which stems from a denial of service that can be caused by logging a single line with a payload greater than 64KB...

CVE-2025-62968

CVE-2025-62968 is a Stored XSS vulnerability in the WordPress plugin WP Last Modified Info (wp-last-modified-info) due to improper input neutralization during web page generation. Affected range is WP Last Modified Info: from n/a through

EUVD-2025-35479

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through = 1.9.2...

CVE-2025-9882 osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

WordPress plugin Loginizer Security and Loginizer 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An authorization issue...

PT-2024-28218 · Jegstudio · Jegstudio Gutenverse

Name of the Vulnerable Software and Affected Versions: Jegstudio Gutenverse versions 1.9.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

WTF - A Personal Information Dashboard For Your Terminal

A personal terminal-based dashboard utility, designed for displaying infrequently-needed, but very important, daily data. Quick Start Download and run the latest binary or install from source: go get -u github.com/senorprogrammer/wtf cd $GOPATH/src/github.com/senorprogrammer/wtf make install make...

SPIP Cross-Site Request Forgery Vulnerability

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A cross-site request forgery vulnerability exists in SPIP versions 1.9.2-SPIP 3.0.7, which can be exploited by an attacker to perform unauthorized operations...

SPIP Directory Traversal Vulnerability

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A directory traversal vulnerability exists in SPIP versions 1.9.2-SPIP 3.0.7, which can be exploited by an attacker to steal cookie-based authentication and read arbitrary files, among other...