10 matches found
CVE-2025-13401
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...
EUVD-2025-200973
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...
EUVD-2022-33393
Malicious code in bioql PyPI...
PT-2025-5561 · Godaddy · Godaddy Coblocks
Name of the Vulnerable Software and Affected Versions: GoDaddy CoBlocks versions through 3.1.13 Description: The issue is related to Missing Authorization in GoDaddy CoBlocks, which enables the exploitation of incorrectly configured access control security levels. Recommendations: For versions...
CVE-2024-1339
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.13, which can be exploited by attackers to steal user cookies...
DEBIAN-CVE-2022-37155
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the oups parameter...
UBUNTU-CVE-2022-37155
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the oups parameter...
CodeIgniter SQL注入漏洞
CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the orwherein method in the systemdatabaseDBquerybuilder.php location...
DEBIAN-CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...