17 matches found
WordPress plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-25428
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery. This issue affects TS Poll: from n/a through = 2.5.5...
CVE-2025-68617 Use after free in fluidsynth
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...
WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Urna versions <= 2.5.12...
WordPress Crafts & Arts theme <= 2.5 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Crafts & Arts versions <= 2.5...
GHSA-PQ2G-WX69-C263 Netplex Json-smart Uncontrolled Recursion vulnerability
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...
WordPress Code Embed plugin <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Max Boll b0lli in WordPress Plugin Code Embed versions <= 2.5...
WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
PT-2023-30207 · Unknown · Thefreewindows Auto Limit Posts Reloaded
Name of the Vulnerable Software and Affected Versions: TheFreeWindows Auto Limit Posts Reloaded plugin versions = 2.5 Description: A Cross-Site Request Forgery (CSRF) issue affects the plugin, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations...
CVE-2023-24391
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin = 2.5 versions...
PT-2023-21902 · Jenkins · Jenkins Phabricator Differential Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Phabricator Differential Plugin versions 2.1.5 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. This allows attackers who can control coverag...
SUSE CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and, at the same time, its upper package has no or wildcard namespace...
PT-2020-15362 · Jenkins · Jenkins Quality Gates Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Quality Gates Plugin versions 2.5 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form. This potentially results in their exposure. The...
UBUNTU-CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...
CVE-2017-1665
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559...
security flaw
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack...
PT-2001-2571 · Imatix · Xitami
Name of the Vulnerable Software and Affected Versions: Xitami versions 2.4 through 2.5 b4 Description: The issue allows remote attackers to gain privileges due to the storage of the Administrator password in plaintext in the default.aut file. The default permissions of this file are world-readabl...