EUVD-2026-10233

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/modamenities/index.php?view=edit. Performing a manipulation of the argument amenid/rmtypeid results in sql injection. The attack is possible ...

CVE-2026-3730

CVE-2026-3730 affects itsourcecode Free Hotel Reservation System 1.0. The flaw is a SQL injection in the file /hotel/admin/mod_amenities/index.php?view=edit, triggered by manipulating the arguments amen_id and rmtype_id. Exploitation is described as remote with a publicly released exploit. Severa...

CVE-2026-3730 itsourcecode Free Hotel Reservation System index.php sql injection

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/modamenities/index.php?view=edit. Performing a manipulation of the argument amenid/rmtypeid results in sql injection. The attack is possible ...

PT-2026-23935

Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0 Description A security flaw exists in itsourcecode Free Hotel Reservation System version 1.0. The issue involves a SQL injection impacting an unknown function within the file...

BIT-WORDPRESS-MULTISITE-2024-3992

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3992

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3992

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3992 Amen <= 3.3.1 - Admin+ Stored XSS

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3992 Amen <= 3.3.1 - Admin+ Stored XSS

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Amen security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-28733 · WordPress · Amen

Name of the Vulnerable Software and Affected Versions: Amen WordPress plugin versions 3.3.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape som...

WordPress Amen plugin <= 3.3.1 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin Amen versions = 3.3.1...

Amen <= 3.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

WordPress Amen Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Amen Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3992 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ff20ea08709 Credits Bob Matyas Required privilege...

Amen <= 3.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

amen-onlus.it XSS vulnerability

Open Bug Bounty ID: OBB-453608 Description| Value ---|--- Affected Website:| amen-onlus.it Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...

PHP-Nuke (friend.php) Module Remote SQL Injection Vulnerability

Exploit for php platform in category web applications =============================================================== PHP-Nuke friend.php Module Remote SQL Injection Vulnerability =============================================================== Exploit Title: PHP-Nuke 'friend.php' Module Remote SQ...