WordPress plugin Payment Gateway Pix For GiveWP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-23495

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

PT-2026-3075

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

CVE-2025-65270

Reflected cross-site scripting XSS vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

CVE-2025-65270

Reflected cross-site scripting XSS vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

CVE-2025-64358

Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through = 2.2.3...

CVE-2025-62947

Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through = 2.2.5...

WordPress plugin Mark Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Custom Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.2.3...

PT-2024-21022 · Unknown · Broken Link Checker

Name of the Vulnerable Software and Affected Versions: Broken Link Checker versions through 2.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

CVE-2023-47872

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3...

PT-2023-19550 · WordPress · Brandid Social Proof (Testimonial) Slider

Name of the Vulnerable Software and Affected Versions: brandiD Social Proof Testimonial Slider plugin versions = 2.2.3 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin+ privileges can inject malicious scrip...

WordPress plugin Enhanced WP Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

UBUNTU-CVE-2022-45442

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...

PT-2022-18318 · Supsystic · Social Share Buttons By Supsystic

Name of the Vulnerable Software and Affected Versions: Social Share Buttons by Supsystic plugin versions 2.2.3 and earlier Description: The issue concerns Multiple Broken Access Control vulnerabilities. No information is provided about the estimated number of potentially affected devices worldwid...

PT-2022-3657 · Mutt +10 · Mutt +10

Name of the Vulnerable Software and Affected Versions: Mutt versions 0.94.13 through 2.2.3 Description: The issue is related to a buffer overflow in the mutt decode uuencoded function of the Mutt email client. This can allow a remote attacker to gain unauthorized access to protected information o...

PT-2022-12314 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.2.3 and below Description: The "Trigger DAG with config" screen in Apache Airflow is susceptible to XSS attacks via the origin query argument. Recommendations: For Apache Airflow versions 2.2.3 and below, consider...

CVE-2021-34626

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior...