51 matches found
WordPress Reward Video Ad for WordPress plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Reward Video Ad for WordPress versions <= 1.6...
CVE-2025-63409
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials...
PT-2026-21742
Name of the Vulnerable Software and Affected Versions: GCOM EPON 1GE C00R371V00B01 (affected versions not specified). Description: A flaw exists in GCOM EPON 1GE C00R371V00B01 related to privilege escalation and improper access control. Remote authenticated users can modify administrator-only settings...
CVE-2026-26046
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator coul...
Konica Bizhub Multifunction Printers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-20869)
When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages...
EUVD-2021-11072
Malware in sbrugna...
EUVD-2009-4414
Malware in sbrugna...
EUVD-2017-1430
Malware in sbrugna...
EUVD-2018-8054
Malware in sbrugna...
EUVD-2008-5543
Malware in sbrugna...
EUVD-2022-1069
Malicious code in bioql PyPI...
EUVD-2024-38207
Malicious code in bioql PyPI...
CVE-2025-50986
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...
CVE-2025-6790
The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...
CVE-2021-25004
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed. Even though it is used for support purposes, it allows downloading any file from the web server without restriction after knowing the URL and a password that an administrator can see in the plugin...
CVE-2021-24380
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...
CVE-2020-5621
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...
CVE-2024-8245
The CVE concerns the GamiPress WordPress plugin prior to version 1.0.1, where a missing CSRF check when updating settings allows a logged‑in attacker to change settings via a CSRF attack. Affected product: GamiPress WordPress plugin (pre‑1.0.1). Root cause: no CSRF protection on settings updates....
WordPress plugin Event Tickets with Ticket Scanner security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...