PT-2026-4779
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
CVE-2025-2199
SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...
CVE-2025-2202
Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email...
CVE-2025-2199
CVE-2025-2199 describes an SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. The flaw allows an attacker to inject SQL via multiple parameters (searchActionsToUpdate, searchSpecialitiesPending, searchSpecialitiesLinked, searchUsersToUpdateProfile,...
WordPress church-admin plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. church-admin is a church administration plugin for WordPress. A cross-site request forgery vulnerability exists in the WordPress...