320 matches found
CVE-2022-4820
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...
CVE-2022-32404
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageinmate.php:3...
CVE-2021-32787
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
CVE-2014-10035
Multiple cross-site scripting XSS vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the 1 sEcho parameter to commentspaginate.php or 2 storespaginate.php or the 3 affiliateurl, 4 description, 5 domain, 6...
CVE-2015-9355
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...
CVE-2015-9353
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066...
CVE-2024-6708
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...
CVE-2025-2651
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...
CVE-2025-25075 WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Venugopal Show notice or message on admin area show-notice-or-message-on-admin-area allows Stored XSS.This issue affects Show notice or message on admin area: from n/a through = 2.0...
CVE-2025-25075
CVE-2025-25075 affects the WordPress plugin Show notice or message on admin area (
PT-2025-5914 · Unknown · Venugopal Show Notice/Message On Admin Area
Name of the Vulnerable Software and Affected Versions: Venugopal Show notice or message on admin area versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Venugopal Show notice or message on admin area. This vulnerability...
WordPress plugin Show notice or message on admin area 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2024-25628
Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for th...
WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Show notice or message on admin area versions = 2.0...
PT-2024-34413 · Unknown · Abantecart
Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0 Description: A SQL Injection issue was discovered in the update function in public html/admin/controller/responses/listing grid/email templates.php. The issue is exploitable via the id parameter. Recommendations: For...
Online Pizza Ordering System 1.0 Insecure Settings
============================================================================================================================================= | Title : Online Pizza Ordering System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
CVE-2024-42625
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/layout/add...
WordPress Ajax Search Lite plugin < 4.12.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Search Lite versions 4.12.1...
CVE-2024-40331
idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/dbBakMySQLdeal.php?mudi=backup...
CVE-2024-35039
idccms V1.35 was discovered to contain a Cross-Site Request Forgery CSRF via admin/tplSysdeal.php?mudi=area...