
250 matches found

Positive Technologies
added 2026/01/17 12:0 a.m. | 5 views

PT-2026-3344

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...

CVSS 2.2 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 7
RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2025-14741

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

CVSS 9.1 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 1
Patchstack
added 2026/01/09 7:2 a.m. | 4 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability

Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions <= 3.28.25...

CVSS 9.1 | AI score 7 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/01/09 12:0 a.m. | 2 views

WordPress plugin Frontend Admin by DynamiApps cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.2 | AI score 6.3 | EPSS 0.00026
Exploits: 0 | References: 2
CNNVD
added 2026/01/09 12:0 a.m. | 3 views

WordPress plugin WP Table Builder – Drag & Drop Table Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 9.1 | AI score 6.6 | EPSS 0.00039
Exploits: 0 | References: 2
GithubExploit
added 2025/12/09 10:28 a.m. | 166 views

Exploit for CVE-2025-13342

CVE-2025-13342 PoC The Frontend Admin by DynamiApps plugin fo...

CVSS 9.8 | AI score 6.4 | EPSS 0.00076
Exploits: 2
OSV
added 2025/12/08 4:15 p.m. | 3 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

CVSS 9.1 | AI score 7.2
Exploits: 0 | References: 1
NVD
added 2025/12/08 4:15 p.m. | 2 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

CVSS 9.1 | EPSS 0.00883
Exploits: 1 | References: 1
Cvelist
added 2025/12/08 12:0 a.m. | 12 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

EPSS 0.00883
Exploits: 1 | References: 1
EUVD
added 2025/12/08 12:0 a.m. | 4 views

EUVD-2025-201728

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

CVSS 5.3 | AI score 6.8 | EPSS 0.00883
Exploits: 1 | References: 2
CVE
added 2025/12/08 12:0 a.m. | 18 views

CVE-2025-61318

CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...

CVSS 9.1 | AI score 7 | EPSS 0.00883
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/12/08 12:0 a.m. | 3 views

PT-2025-49559

Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.5.20. Description: Emlog Pro 2.5.20 contains a flaw that allows for arbitrary file deletion. This issue is present in the admin/template.php and admin/plugin.php components, which do not properly validate file paths or filter...

CVSS 9.1 | AI score 6.9 | EPSS 0.00883
Exploits: 1 | References: 4
RedhatCVE
added 2025/12/04 12:30 p.m. | 6 views

CVE-2025-13342

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

CVSS 9.8 | AI score 6 | EPSS 0.00076
Exploits: 2 | References: 1
EUVD
added 2025/12/03 12:29 p.m. | 5 views

EUVD-2025-200979

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

CVSS 9.8 | AI score 5.5 | EPSS 0.00076
Exploits: 2 | References: 3
Positive Technologies
added 2025/12/03 12:0 a.m. | 7 views

PT-2025-48806

Name of the Vulnerable Software and Affected Versions: Frontend Admin by DynamiApps plugin for WordPress versions through 3.28.20. Description: The Frontend Admin by DynamiApps plugin for WordPress is susceptible to unauthorized modification of arbitrary WordPress options. This is a result of...

CVSS 9.8 | AI score 6.3 | EPSS 0.00076
Exploits: 2 | References: 7
RedhatCVE
added 2025/12/02 10:31 p.m. | 5 views

CVE-2025-66307

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...

CVSS 6.5 | AI score 6.2 | EPSS 0.00059
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/02 10:31 p.m. | 5 views

CVE-2025-66310

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...

CVSS 6.2 | AI score 5.2 | EPSS 0.00024
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/02 10:31 p.m. | 4 views

CVE-2025-66312

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...

CVSS 6.2 | AI score 5.1 | EPSS 0.00024
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/02 9:26 p.m. | 2 views

CVE-2025-66296

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...

CVSS 8.8 | AI score 6.9 | EPSS 0.00062
Exploits: 0 | References: 1
OSV
added 2025/12/02 1:23 a.m. | 3 views

GHSA-GQXX-248X-G29F Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the `data[taxonomies]` parameter. The injected payload is stored on the server and automatically...

CVSS 6.8 | AI score 5.2 | EPSS 0.00024
Exploits: 1 | References: 4