15 matches found
CVE-2026-6439
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozenconf function. The 'lang' POST parameter is stored directly via updateoption without any...
CVE-2025-53231
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Taxonomy Images: from n/a through = 1.0.1...
CVE-2025-13725 Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...
WordPress Mixlr Shortcode plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Mixlr Shortcode versions = 1.0.1...
WordPress Last Updated Shortcode Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Last Updated Shortcode versions = 1.0.1...
WordPress The integration of the AMO.CRM plugin <= 1.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin The integration of the AMO.CRM versions = 1.0.1...
PT-2025-4476 · Service Shogun · Ach Invoice App
Name of the Vulnerable Software and Affected Versions: Ach Invoice App versions 1.0.1 and earlier Description: The issue is related to improper control of filenames for Include/Require statements in PHP, allowing PHP Local File Inclusion. This problem affects the Service Shogun Ach Invoice App,...
WordPress plugin Flaming Forms 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
PT-2024-17610 · WordPress · Geodatasource Country Region Dropdown
Name of the Vulnerable Software and Affected Versions: GeoDataSource Country Region DropDown plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode due to insufficient input...
WordPress plugin Order Notification for Telegram 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
School-Management-System SQL Injection Vulnerability
School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System version 1.0.0 and 1.0.1, which stems from a parameter email in the file login.php that can lead to SQL injection...
CVE-2023-32095
Improper Control of Generation of Code 'Code Injection' vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1...
PT-2023-10299 · WordPress · Beeliked Microsite Plugin
Name of the Vulnerable Software and Affected Versions: Beeliked Microsite Plugin versions up to 1.0.1 Description: A vulnerability has been found in the Beeliked Microsite Plugin, which is classified as problematic. The issue affects the embed handler function of the file beelikedmicrosite.php,...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1358 more potentially affected by CVE-2021-29518 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29518 Source advisory: OSV:PYSEC-2021-155...
karma-mojo injection vulnerability
karma-mojo is a package that supports running a selected subset of tests in Karma. An injection vulnerability exists in karma-mojo 1.0.1 and prior versions. The vulnerability stems from a lack of proper validation of user input data by a networked system or product during the course of a user's...