485 matches found
WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.31...
WordPress Frontend Checklist plugin <= 2.3.2 - Admin+ Stored XSS via Items vulnerability
Admin+ Stored XSS via Items vulnerability discovered by Bob Matyas in WordPress Plugin Frontend Checklist versions = 2.3.2...
CVE-2020-36993
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2026-1045
The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2022-50916 e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...
CVE-2023-4290
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...
CVE-2018-10520
In CMS Made Simple CMSMS through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...
CVE-2016-10902
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools...
CVE-2023-25704
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...
CVE-2023-25569
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...
CVE-2023-25488
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...
CVE-2023-40329
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPZest Custom Admin Login Page | WPZest plugin = 1.2.0 versions...
CVE-2023-40007
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ujwol Bastakoti CT Commerce plugin = 2.0.1 versions...
PT-2026-1840
Name of the Vulnerable Software and Affected Versions phpgurukul Hostel Management System version 2.1 Description The application stores user-provided complaint data, specifically the 'Explain the Complaint' field submitted through the /register-complaint.php endpoint, without proper output...
CVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
GHSA-2MWC-H2MG-V6P8 Bagisto has HTML Filter Bypass that Enables Stored XSS
Summary A stored Cross-Site Scripting XSS vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...
H-ui.admin 代码问题漏洞
H-ui.admin is a website backend template by jackying personal developer. A code issue vulnerability exists in H-ui.admin 3.1 and earlier versions, which stems from an incorrect operation of the library file /lib/webuploader/0.1.5/server/preview.php, which may result in arbitrary file uploads...
WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...