15 matches found
EUVD-2026-16074
The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...
WordPress ForumWP – Forum & Discussion Board plugin <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability discovered by Sergej Ljubojevic in WordPress Plugin ForumWP versions <= 2.1.6...
CVE-2025-54743 WordPress Download After Email Plugin 2.1.5-2.1.6 - Other Vulnerability Type Vulnerability
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download After Email: from n/a through 2.1.5-2.1.6...
WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin Custom Comment versions <= 2.1.6...
WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin Custom Comment versions <= 2.1.6...
PT-2025-33401 · Blocksy · Blocksy
Name of the Vulnerable Software and Affected Versions: Blocksy versions through 2.1.6. Description: Improper neutralization of input during web page generation allows for Stored Cross-Site Scripting (XSS). Recommendations: At the moment, there is no information about a newer version that contains a...
WordPress plugin SendPulse Email Marketing Newsletter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists ...
PT-2025-20160 · Sendpulse · Sendpulse Email Marketing Newsletter
Name of the Vulnerable Software and Affected Versions: SendPulse Email Marketing Newsletter versions n/a through 2.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
CVE-2025-25151
CVE-2025-25151 describes an SQL Injection in WordPress plugin uListing (StylemixThemes) ≤ 2.1.6 due to improper neutralization of input for SQL commands. The CVSS v3.1 base metrics indicate a HIGH impact on confidentiality, LOW on availability, with NETWORK attack vector, LOW privileges required,...
WordPress WP Job Portal plugin <= 2.1.6 - Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation vulnerability
Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation vulnerability discovered by Connor Billings in WordPress Plugin WP Job Portal versions <= 2.1.6...
PT-2024-13529 · Unknown · Perfmatters
Name of the Vulnerable Software and Affected Versions: Perfmatters versions 2.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability in Perfmatters. Recommendations: For Perfmatters versions 2.1.6 and earlier, update to a version later than 2.1.6 to resolve the...
CVE-2021-45040
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...
CMS Made Simple Code Execution Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports role-based rights management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A security vulnerability exists in some core modul...
UBUNTU-CVE-2012-2361
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to...
quickForum.txt
Quick.Forum 'topic field' XSS and 'page' & 'iCategory' SQL injection. Vendor URL: http://qc.dotgeek.org/os/index.php?p=productsQuickForum Advisory: http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html Vendor notified: yes. Exploit available: yes. Quick.Forum contains a flaw which...