CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

PT-2019-11473 · Webappick +1 · Webappick Woocommerce Product Feed +1

Name of the Vulnerable Software and Affected Versions: WebAppick WooCommerce Product Feed versions 2.2.18 and earlier Description: The issue allows for Cross Site Scripting XSS which can lead to Remote Code Execution RCE via editing theme files in WordPress. This is possible when an administrator...