
72 matches found

Vulnrichment
added 2026/05/05 2:26 a.m. | 4 views

CVE-2026-6702 Publish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' Parameter

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

CVSS 6.1 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/04 12:0 a.m. | 5 views

PT-2026-37201

CVE-2026-42312 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/ADtnuQJj56...

CVSS 6.8 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 11

CNNVD
added 2026/04/07 12:0 a.m. | 3 views

pyLoad security vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from the use of incorrect option names in the ADMINONLYCOREOPTIONS authorization set within the setconfigvalue function. As a...

CVSS 6.8 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:46 a.m. | 3 views

CVE-2025-23905

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS. This issue affects Admin Options Pages: from n/a through <= 0.9.7...

CVSS 7.1 | AI score 7.2 | EPSS 0.00178
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-4991

Malware in sbrugna...

CVSS 8.8 | AI score 9 | EPSS 0.05248
Exploits: 6 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-3791

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00743
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-28852

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 4 | EPSS 0.00057
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-41777

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.00224
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-3521

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 8.7 | EPSS 0.00178
Exploits: 0 | References: 2

NVD
added 2025/08/26 1:15 a.m. | 2 views

CVE-2025-9430

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVSS 4.8 | EPSS 0.00057
Exploits: 1 | References: 4

OSV
added 2025/08/26 1:15 a.m. | 0 views

CVE-2025-9430

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVSS 4.8 | AI score 4.3
Exploits: 0 | References: 4

CVE
added 2025/08/26 12:2 a.m. | 9 views

CVE-2025-9430

CVE-2025-9430 is reported for mtons mblog up to 3.5.0. The issue arises from improper handling of input in the file "/admin/options/update", allowing cross-site scripting. The CVE entry notes that the attack can be launched remotely and that the exploit is public. Connected sources consistently i...

CVSS 4.8 | AI score 3.6 | EPSS 0.00057
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2025/08/26 12:0 a.m. | 2 views

mblog security vulnerability

mblog is a blogging system by langhsu individual developer. A security vulnerability exists in mtons mblog 3.5.0 and earlier versions, which stems from a cross-site scripting attack due to misuse of the parameter input in the file /admin/options/update...

CVSS 4.8 | AI score 3.8 | EPSS 0.00057
Exploits: 1 | References: 5

Positive Technologies
added 2025/08/26 12:0 a.m. | 4 views

PT-2025-34722 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability was detected in mtons mblog up to version 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in...

CVSS 4.8 | AI score 3.4 | EPSS 0.00057
Exploits: 1 | References: 9

RedhatCVE
added 2025/05/23 12:33 a.m. | 7 views

CVE-2022-4426

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack...

CVSS 4.3 | AI score 6.9 | EPSS 0.00158
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 5:58 a.m. | 2 views

CVE-2014-5092

Status2k allows Remote Command Execution in admin/options/editpl.php...

CVSS 8.8 | AI score 7.2 | EPSS 0.05248
Exploits: 6 | References: 1

RedhatCVE
added 2025/05/22 5:38 a.m. | 2 views

CVE-2015-9433

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...

CVSS 6.5 | AI score 6.2 | EPSS 0.00167
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:30 a.m. | 3 views

CVE-2015-9431

The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x jsonconfigfiles or jsoncustomi18nconfig parameter...

CVSS 6.5 | AI score 6.2 | EPSS 0.00186
Exploits: 1 | References: 1

NVD
added 2025/02/14 1:15 p.m. | 9 views

CVE-2025-23905

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS. This issue affects Admin Options Pages: from n/a through <= 0.9.7...

CVSS 7.1 | EPSS 0.00178
Exploits: 0 | References: 1

Cvelist
added 2025/02/14 12:45 p.m. | 12 views

CVE-2025-23905 WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS. This issue affects Admin Options Pages: from n/a through <= 0.9.7...

CVSS 7.1 | EPSS 0.00178
Exploits: 0 | References: 1