CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

EUVD-2026-33887

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-6399

The CVE concerns the WordPress General Options plugin (up to version 1.1.0). Root cause: the code uses sanitize_text_field() for output escaping in the ad_contact_number field, which strips HTML but does not encode double quotes, so when echoed inside a double-quoted HTML attribute (value="..."),...

PT-2026-23835

Name of the Vulnerable Software and Affected Versions WP App Bar plugin for WordPress versions up to and including 1.5 Description The WP App Bar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the app-bar-features parameter. This is a result of inadequate input...

CVE-2020-36932

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

CVE-2020-36932 Seacms 11.1 - 'checkuser' Stored XSS

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

EUVD-2026-4635

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

CVE-2020-36932

CVE-2020-36932 affects SeaCMS 11.1. The vulnerability is a stored cross-site scripting (XSS) in the checkuser parameter of the admin settings page. The underlying issue allows an attacker to inject JavaScript payloads that execute in users’ browsers when the page loads. Affected component: admin ...

CVE-2020-36932 Seacms 11.1 - 'checkuser' Stored XSS

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

PT-2025-46770

Name of the Vulnerable Software and Affected Versions code-projects Responsive Hotel Site version 1.0 Description A SQL injection flaw exists due to manipulation of the usname argument within an unknown function of the /admin/usersetting.php file. This issue can be exploited remotely. The exploit...

EUVD-2023-38792

Malicious code in bioql PyPI...

CVE-2023-34756

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings=charset=edit...

CVE-2020-19626

Cross Site Scripting XSS vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

CVE-2023-34754

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit...

PT-2023-25000 · Bloofox · Bloofox

Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2.1 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the pid parameter at the "admin/index.php?mode=settings&page=plugins&action=edit" endpoint. Recommendations: F...

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

PT-2022-22262 · Puppycms · Puppycms

Name of the Vulnerable Software and Affected Versions: puppyCMS versions up to 5.1 Description: A problematic issue has been found in puppyCMS, affecting an unknown part of the file /admin/settings.php. The manipulation of the site name argument leads to cross-site scripting. It is possible to...

CVE-2017-7360

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the addonstitle parameter in the...