242910 matches found
CVE-2026-9677
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677 Shariff for WordPress <= 1.0.11 - Admin+ Stored Cross-Site Scripting
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
Exploit for Improper Access Control in Widgetfactorylimited Jce
MASTA CVE-2026-48907 Scanner Joomla! JCE 2.9.99.5 Unauthe...
testimonial-widgets-sqli-cve
CVE-2026-XXXXX Admin SQL Injection in Testimonial Widget...
boxmoe-dove-sqli-cve
CVE-2026-XXXXX Unauthenticated SQL Injection in Boxmoe Dov...
sakura-theme-sqli-cve
CVE-2026-XXXXX Unauthenticated SQL Injection in Sakura Wor...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the settings fields menu_title and menu_magnifier_color, affecting all versions up to and including 5.5.15. The root cause is insufficient input sanitization and output escaping....
CVE-2026-11356 Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-39931
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-53038
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu title' and 'menu magnifier color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API
Summary The GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values — withou...
GHSA-WW5P-J6CJ-6MQQ Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API
Summary The GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values — withou...
GHSA-HMGP-W9JM-VP95 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
Summary In gonic, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can: 1. Delete any playlist owned by any other user including admin by passing its id. 2. Read the full...
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
Summary In gonic, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can: 1. Delete any playlist owned by any other user including admin by passing its id. 2. Read the full...
GHSA-2FP4-5V5C-4448 gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists
Summary The maintainer's recent fix in 6dd71e6a3c966867ef8c900d359a7df75789f410 fixsubsonic: enforce playlist ownership on getPlaylist/deletePlaylist added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controlled...
gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists
Summary The maintainer's recent fix in 6dd71e6a3c966867ef8c900d359a7df75789f410 fixsubsonic: enforce playlist ownership on getPlaylist/deletePlaylist added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controlled...
GHSA-4GXV-P5G5-J7W7 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
Summary A logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with 0o777 permissions. The bug is independent...