8 matches found
WordPress plugin Petje.af Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
TinaCMS Security Vulnerability
TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 contained security vulnerabilities. These vulnerabilities stemmed from the TinaCMS CLI development server having a lax CORS policy configured. Combined with path traversal...
PT-2025-14738 · Publitio · Publitio
Name of the Vulnerable Software and Affected Versions: Publitio versions n/a through 2.1.8 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in Publitio. Recommendations: For versions...
PT-2025-5054 · Unknown · Fures Xtra Settings
Name of the Vulnerable Software and Affected Versions: fures XTRA Settings versions n/a through 2.1.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected XSS. This means that an attacker can inject malicious scripts into the...
PT-2023-27330 · Woocommerce · Thedotstore Product Attachment For Woocommerce
Name of the Vulnerable Software and Affected Versions: theDotstore Product Attachment for WooCommerce plugin versions = 2.1.8 Description: A Cross-Site Request Forgery (CSRF) issue affects the plugin, allowing unauthorized actions to be performed on behalf of authenticated users. This can lead to...
WordPress plugin CodeBard Patron Button and Widgets for Patreon Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
GHSA-V5RQ-W2XM-7G5F Improper Access Control in MySQL Connector Python
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000233 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000233 Source advisory: OSV:GHSA-MRX7-8HXF-F853...