28 matches found
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
PT-2026-36308
Name of the Vulnerable Software and Affected Versions: @diplodoc/search-extension versions 1.0.0 through 3.0.2 Description: Stored Cross-Site Scripting (XSS) occurs via the title in a .md file. Stored XSS is a type of vulnerability where a malicious script is permanently stored on the target server,...
CVE-2025-11725 Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings,...
CVE-2025-13979
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS. This issue affects Mini site: from 0.0.0 before 3.0.2...
WordPress plugin Typify security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress Email Verification for WooCommerce plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Email Verification for WooCommerce versions <= 3.0.2...
CVE-2025-54721 WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress Resca resca allows Reflected XSS. This issue affects Resca: from n/a through <= 3.0.2...
Burgerportaal security vulnerability
Burgerportaal is a GPP-Woo open source site for reading public documents. A security vulnerability exists in Burgerportaal versions prior to 2.0.3, prior to 3.0.2, and prior to 4.0.1, which stems from the exposure of employee names and e-mail addresses in a web response, which could lead to...
0wcc9yywcywy (=1.0.0), 0wu8yw8by8cw (=1.0.0) +2805 more potentially affected by CVE-2025-48387 via tar-fs (>=3.0.2 <=3.0.8)
tar-fs NPM version =3.0.2, =0.0.1, =2.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-48387 Source advisory: OSV:GHSA-8CJ5-5RVV-WF4V...
WordPress Post SMTP plugin <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Post SMTP versions <= 3.0.2...
PT-2024-35502 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.0.2 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
PT-2024-30450 · Unknown · Presto Player
Name of the Vulnerable Software and Affected Versions: Presto Player versions 3.0.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Presto Player versions...
CVE-2024-37414
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.0.2...
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot versions <= 3.0.2...
WordPress Edwiser Bridge plugin <= 3.0.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Edwiser Bridge versions <= 3.0.2...
PT-2024-21029 · Castos · Castos Seriously Simple Podcasting
Name of the Vulnerable Software and Affected Versions: Castos Seriously Simple Podcasting versions 3.0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations...
PrestaShop nkmgls Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A cross-site scripting vulnerability exists in PrestaShop nkmgls versions prior to 3.0.2, which stems from a...
PT-2023-27403 · Jenkins · Jenkins Delphix Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Delphix Plugin versions 3.0.2 and earlier Description: The issue allows attackers with Overall/Read permission to access and capture credentials they are not entitled to, due to the plugin not setting the appropriate context for...
PT-2023-24973 · Taocms · Taocms
Name of the Vulnerable Software and Affected Versions: taocms versions 3.0.2 and earlier Description: The issue is related to Cross Site Scripting (XSS). No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...
SUSE CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...