EUVD-2026-19365
A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross-site scripting. It is possible to initiate th...
CVE-2024-8277
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login function and not properly verifying the user's identit...
PT-2025-3932 · WordPress · The Buzz Club – Night Club
Name of the Vulnerable Software and Affected Versions: The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme versions up to, and including, 2.0.4. Description: The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing...
VulnCheck KEV: CVE-2021-4445
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to...
PT-2024-11041 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions up to, and including, 4.5.1; Premium Addons for Elementor versions prior to 2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c. Description: The issue is due to missing capability and nonce checks in the pa dismiss admin...
PT-2024-38907 · WordPress · Woocommerce Photo Reviews Premium
Name of the Vulnerable Software and Affected Versions: WooCommerce Photo Reviews Premium plugin for WordPress versions up to, and including, 1.3.13.2. Description: The issue is due to the plugin not properly validating what user transient is being used in the login function and not properly...
WordPress Plugin WooCommerce Add to Cart Custom Redirect Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18371 · WordPress · Woocommerce Add To Cart Custom Redirect
Name of the Vulnerable Software and Affected Versions: WooCommerce Add to Cart Custom Redirect plugin for WordPress versions up to, and including, 1.2.13. Description: The issue allows authenticated attackers with contributor access and above to update the values of arbitrary site options to...
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated...
WP ERP < 1.12.7 - Missing Authorization via admin notice dismissal
Description: The WP ERP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notice dismissal functions in versions up to, and including, 1.12.6. This makes it possible for authenticated attackers, with subscriber-level access a...
WordPress InfiniteWP Client Plugin < 1.12.1 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...
CVE-2023-2916 InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...
WordPress Plugin InfiniteWP Client Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabilit...
Accordion & FAQ < 1.9.9 - Reflected XSS
The plugin does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting. PoC: Make a logged-in admin open one of the URLs below when the feature notice has not been dismissed yet...
74cms Cross-Site Scripting Vulnerability
XUNYI TECHNOLOGY 74cms is a PHP and MySQL based online recruitment system from China Xunyi Technology Company. A security vulnerability exists in version 74cmsSE v3.12.0, which was discovered to contain a cross-site scripting (XSS) vulnerability via component /apiadmin/notice/add. An attacker can...
Spectra < 1.25.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. PoC: When the admin notice about Usage Tracking is displayed: https://example.com/wp-admin/index?a"...
CVE-2018-14440
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter...