19 matches found
CVE-2022-50960
WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...
CVE-2022-50960
The vulnerability is in WordPress International Sms For Contact Form 7 Integration v1.2, which contains a reflected XSS in the page parameter of the admin settings interface. The issue is triggered via class-sms-log-display.php, allowing an attacker to inject malicious JavaScript that runs in adm...
CVE-2025-57310
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code...
CVE-2024-37859
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php...
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...
PT-2025-3783 · Unknown · Campcodes School Faculty Scheduling System
Name of the Vulnerable Software and Affected Versions: Campcodes School Faculty Scheduling System version 1.0. Description: A critical issue was found in the system, affecting some unknown functionality of the file /admin/index.php. The manipulation of the page argument leads to file inclusion. Th...
CVE-2024-37859
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php...
PT-2023-20768 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0. Description: A vulnerability has been found in the system, classified as problematic, affecting an unknown functionality of the file admin/. The manipulation of the page argument...
CVE-2022-40047
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php...
CVE-2022-32340
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/viewpatient&id=...
CVE-2020-18458
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
CVE-2016-10952
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...
CVE-2017-18613
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...
CVE-2019-14789
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter...
CVE-2019-9576
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...
Piwigo 'name' Parameter Cross-Site Scripting Vulnerability
Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing category, tag, time, etc. Batch Manager component is one of the manager components. A cross-site scripting vulnerability exists in Piwigo version 2.9.2. A remote...
CVE-2017-17059
XSS exists in the amtyThumb amty-thumb-recent-post aka amtyThumb posts or wp-thumb-post plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php...
Role Scoper WordPress Plugin Reflective Cross-Site Scripting Vulnerability
Role Scoper WordPress plugin is a comprehensive access control solution that controls read and edit permissions like a CMS. Role Scoper WordPress 1.3.66 and earlier versions do not effectively filter the "objectname" HTTP GET parameter value of "/wp-admin/admin.php" when "page" is set to...
Welcart vulnerable to cross-site scripting
Overview: Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting (CWE-79) vulnerability due to the processing of uscesreferer parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the...