283 matches found
CVE-2015-9506
The Easy Digital Downloads EDD Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9527
The Easy Digital Downloads EDD Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9526
The Easy Digital Downloads EDD Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9525
The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9512
The Easy Digital Downloads EDD CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
WordPress plugin Digital License Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Digital License Manager plugin <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function vulnerability
Reflected Cross-Site Scripting via removequeryarg Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Digital License Manager versions = 1.7.3...
UBUNTU-CVE-2024-58000
In the Linux kernel, the following vulnerability has been resolved: iouring: prevent reg-wait speculations With ENTEREXTARGREG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the offset, offset ...
The vulnerability of the ets_class_from_arg() function in the net/sched/sch_ets.c module of the net/sched subsystem of the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the etsclassfromarg function in the net/sched/schets.c module of the net/sched subsystem of the Linux operating system lies in the handling of buffer overflow attacks. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
UBUNTU-CVE-2024-45775
A flaw was found in grub2 where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parseoption function, leading...
PT-2025-6506 · WordPress · S2Member
Name of the Vulnerable Software and Affected Versions: s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress versions up to, and including, 241114 Description: The issue is related to Reflected Cross-Site Scripting due t...
PT-2025-7663 · Net Snmp · Net-Snmp
Name of the Vulnerable Software and Affected Versions: netsnmp affected versions not specified Description: The issue is related to a heap-use-after-free error. Technical details about the error include the netsnmp hex to binary function, snmpv3 parse arg function, and netsnmp parse args function...
PT-2025-6016 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread versions up to 5.1.0 Description: A problematic vulnerability was found in RT-Thread. The issue affects the sys thread create function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument arg0 leads t...
PT-2025-2250 · WordPress · Stageshow
Name of the Vulnerable Software and Affected Versions: StageShow plugin for WordPress versions prior to 9.8.7 Description: The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the URL. This allows...
PT-2025-4014 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A vulnerability has been found in the qrCode function of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the text argument...
CVE-2024-13319
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
PT-2025-1638 · WordPress · Cluevo Lms
Name of the Vulnerable Software and Affected Versions: CLUEVO LMS, E-Learning Platform plugin for WordPress versions up to, and including, 1.13.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping o...
PT-2025-3712 · WordPress · Enable Accessibility
Name of the Vulnerable Software and Affected Versions: Enable Accessibility plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from the use of add query arg and remove query arg without proper escaping on the URL, allowing unauthenticated attackers to inject...
WordPress plugin GDY Modular Content 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin GDY Modula...
PT-2024-17428 · WordPress · Analytics Cat
Name of the Vulnerable Software and Affected Versions: Analytics Cat – Google Analytics Made Easy plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL...