13 matches found
CVE-2026-3878
The vulnerability affects the WordPress WP Docs plugin, with a Stored Cross-Site Scripting (XSS) flaw in the wpdocs_options[icon_size] parameter across all versions up to 2.2.9. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with subscriber...
WordPress plugin Endless Posts Navigation security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2025-25320
Malicious code in bioql PyPI...
CVE-2025-53985
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through <= 2.2.9...
PT-2024-32544 · Unknown · Social Share Buttons By Supsystic +1
Name of the Vulnerable Software and Affected Versions: Supsystic Slider versions 1.8.6 and earlier; Supsystic Social Share Buttons versions 2.2.9 and earlier. Description: The issue is related to a Missing Authorization vulnerability in Supsystic Slider and Supsystic Social Share Buttons. This allo...
PT-2024-27598 · Oceanwp · Oceanwp Ocean Extra
Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra versions 2.2.9 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
WordPress Social Share Buttons by Supsystic plugin <= 2.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Social Share Buttons by Supsystic versions <= 2.2.9...
WordPress plugin WooDiscuz – WooCommerce Comments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WooDiscuz ...
Magento cross-site scripting vulnerability (CNVD-2019-26247)
Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines and payment gateways and other functions. A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, 2.2.9 before version 2....
Magento Authorization Issues Vulnerabilities
Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 prior to 2.1.18, version 2.2 prior to 2.2.9, and version 2...
Magento cross-site scripting vulnerability (CNVD-2019-26233)
Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines and payment gateways and other functions. A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, version 2.2.9 before...
DEBIAN-CVE-2018-1000078
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can...
Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)
An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...