CVE-2020-10391

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

CVE-2025-63611

Summary: CVE-2025-63611 affects phpgurukul Hostel Management System v2.1. The issue is a stored XSS in the user-provided "Explain the Complaint" field submitted to /register-complaint.php, which is rendered unescaped in the admin view at /admin/complaint-details.php?cid=. When an administrator op...

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

CVE-2019-16704

admin/infoclassupdate.php in PHPMyWind 5.6 has stored XSS...

CVE-2019-16997

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/languagegeneral.class.php via the admin/?n=language=languagegeneral=doExportPack appno parameter...

CVE-2019-12353

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dlsendmail.php when the attacker has admin authority via the id parameter...

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

GHSA-VFRF-VCJ7-WVR8 Signal K Server Vulnerable to Access Request Spoofing

The SignalK access request system has two related features that when combined by themselves and with the infromation disclosure vulnerability enable convincing social engineering attacks against administrators. When a device creates an access request, it specifies three fields: clientId,...

PT-2026-4489

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System daemon nfsd is susceptible to a server crash when attempting to unlock the filesystem through an administrative interface while nfsd is not running...

PT-2026-21774

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description The local Caddy admin API, listening by default on 127.0.0.1:2019, includes a POST /load endpoint that allows replacing the entire running configuration. When origin enforcement is not enabled enforce...

CVE-2025-63038

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.40...

CVE-2025-63038 WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.40...

EUVD-2025-205975

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40...

CVE-2025-63038 WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.40...

CVE-2025-63038

Technical details for CVE-2025-63038 are not provided in the supplied documents; no affected versions, impact, or remediation are disclosed here. Monitor for updates from NVD/patch sources.

WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WP Custom Admin Interface versions = 7.40...

WordPress plugin WP Custom Admin Interface 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...