
1566 matches found

CVE
added 2025/06/09 6:00 a.m., 103 views

CVE-2025-3582

CVE-2025-3582 affects the Newsletter WordPress plugin prior to version 8.85. The issue arises from inadequate sanitisation/escaping of Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Public sources in the provid...

CVSS 4.8 · AI score 5.4 · EPSS 0.00166
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/06/09 6:00 a.m., 2 views

CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

AI score 4.8 · EPSS 0.00166
Exploits: 1 · References: 1
Cvelist
added 2025/06/09 6:00 a.m., 15 views

CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

EPSS 0.00166
Exploits: 1 · References: 1
CNVD
added 2025/06/06 12:00 a.m., 1 view

Online Birth Certificate System users-applications.php File SQL Injection Vulnerability

Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System has a SQL injection vulnerability that originates from an incorrect manipulation of the parameter userid in the file /admin/users-applications.php resulting in SQL injection. No details of the...

CVSS 8.8 · AI score 6.9 · EPSS 0.00151
Exploits: 1 · References: 1
OSV
added 2025/06/05 4:15 a.m., 1 view

CVE-2025-5633

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be...

CVSS 8.8 · AI score 5.8 · EPSS 0.00216
Exploits: 1 · References: 4
CNNVD
added 2025/06/05 12:00 a.m., 1 view

NEWS-BUZZ Security Vulnerability

NEWS-BUZZ is a news management system by the individual developer ANIRBAN DUTTA that allows users to publish and manage various news content. A security vulnerability exists in NEWS-BUZZ v1.0, which stems from an improper operation of the parameter delete in the file /admin/users.php, which could...

CVSS 8.8 · AI score 6.9 · EPSS 0.00216
Exploits: 1 · References: 5
Positive Technologies
added 2025/06/05 12:00 a.m., 4 views

PT-2025-23886 · Unknown · Code-Projects/Anirbandutta9 Content Management System/News-Buzz

Name of the Vulnerable Software and Affected Versions: code-projects/anirbandutta9 Content Management System and News-Buzz version 1.0
Description: A critical issue affects an unknown functionality of the file /admin/users.php. The manipulation of the change to admin argument leads to SQL...

CVSS 8.8 · AI score 6.8 · EPSS 0.00216
Exploits: 1 · References: 10
OSV
added 2025/06/03 6:15 a.m., 2 views

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 7.3
Exploits: 0 · References: 1
OSV
added 2025/05/31 9:15 a.m., 0 views

CVE-2025-5373

A vulnerability has been found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/users-applications.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 5
CVE
added 2025/05/30 8:21 a.m., 46 views

CVE-2025-4634

CVE-2025-4634 describes a local file inclusion vulnerability in the web portal of airpointer version 2.4.107-2. The issue arises from the web portal allowing manipulation of requests that enables a user with administrative privileges to view files on the filesystem. Affected component: web portal...

CVSS 4.1 · AI score 4.3 · EPSS 0.00243
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:29 a.m., 5 views

CVE-2024-43797

audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries or access only the ones they have permission to. However, the LibraryController is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to...

CVSS 6.3 · AI score 6.8 · EPSS 0.00287
Exploits: 1
RedhatCVE
added 2025/05/23 9:23 a.m., 2 views

CVE-2024-3365

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...

CVSS 5.4 · AI score 5.9 · EPSS 0.0007
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 9:05 a.m., 2 views

CVE-2024-6133

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.5 · AI score 6.1 · EPSS 0.00317
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 9:03 a.m., 2 views

CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection in the lockout history option. Note: Non-admin users cannot exploit this vulnerability...

CVSS 7.2 · AI score 7.9 · EPSS 0.03
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:41 a.m., 4 views

CVE-2024-5074

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 5.4 · AI score 6.1 · EPSS 0.00255
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 8:34 a.m., 2 views

CVE-2024-21630

Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...

CVSS 4.3 · AI score 4.6 · EPSS 0.00109
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:20 a.m., 10 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVSS 5.7 · AI score 5.7 · EPSS 0.00106
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 8:03 a.m., 4 views

CVE-2024-12585

The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 6.1 · EPSS 0.01501
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 7:10 a.m., 3 views

CVE-2024-13223

The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 6.1 · EPSS 0.00267
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 7:10 a.m., 6 views

CVE-2024-13221

The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 6.1 · EPSS 0.01546
Exploits: 1 · References: 1