7 matches found
CVE-2025-69059
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...
CVE-2025-64383
CVE-2025-64383 describes a Stored XSS vulnerability in the WordPress Qi Blocks plugin (qi-blocks) by QodeInteractive, affecting versions up to and including 1.4.3. The issue stems from improper input neutralization during web page generation, enabling an attacker-controlled payload to be stored o...
CVE-2025-12180
The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...
WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Groovy Menu versions = 1.4.3...
playSMS Authorization Issues Vulnerabilities
playSMS is an open source SMS Short Message Service management software from Anton Raharja Software Developers in India. A security vulnerability exists in playSMS version 1.4.3 and earlier. An attacker can exploit the vulnerability to set up a user's session and can take control of a user's...
Single Sign-On for Pivotal Cloud Foundry Cross-Site Scripting Vulnerability
Pivotal Cloud Foundry PCF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Single Sign-On is one of the single sign-on components. A cross-site scripting...
PT-2001-1807 · Infodrom · Cfingerd
Name of the Vulnerable Software and Affected Versions: Infodrom cfingerd versions 1.4.3 and earlier Description: A format string issue allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. This can be exploited by sending a...