10 matches found

Vulnrichment
added 2026/04/24 7:45 a.m., 2 views

CVE-2025-11762 HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.2 | EPSS 0.00032
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/17 12:00 a.m., 5 views

PT-2026-20225

Name of the Vulnerable Software and Affected Versions: IBM DataStage on Cloud Pak for Data, affected versions not specified. Description: An authenticated user may be able to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads. Recommendations: At the...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 10:53 a.m., 4 views

CVE-2022-23009

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVSS 9 | AI score 6.8 | EPSS 0.00312
Exploits: 0 | References: 1

OSV
added 2025/06/09 11:15 a.m., 2 views

CVE-2025-36528

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports...

CVSS 8.3 | AI score 5.8 | EPSS 0.03936
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/04 4:26 a.m., 10 views

CVE-2025-1307 Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 9.8 | AI score 9.6 | EPSS 0.20362
Exploits: 2 | References: 3

Tenable Nessus
added 2025/02/21 12:00 a.m., 11 views

Citrix NetScaler Console (ADM) 13.1.x < 13.0.56.18 / 14.1.x < 14.1.38.53 Authenticated privilege escalation Vulnerability (CTX692579)

An Authenticated privilege escalation vulnerability exists in Citrix NetScaler Console ADM 13.1 prior to 13.1-56.18 and 14.1 prior to 14.1-38.53. An unauthenticated, remote attacker can exploit this to reset the administrator password and gain administrative access to the appliance. The issue...

CVSS 8.8 | AI score 8.9 | EPSS 0.04239
Exploits: 0 | References: 2

Vulnrichment
added 2025/01/15 9:25 a.m., 4 views

CVE-2024-12818 WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 6.4 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 2

CNNVD
added 2023/03/24 12:00 a.m., 3 views

SAUTER EY-modulo 5 Building Automation Station Code Issue Vulnerability

SAUTER EY-modulo 5 Building Automation Station is a complete building management solution from SAUTER. A security vulnerability exists in SAUTER EY-modulo 5 Building Automation Station. An authenticated attacker could exploit the vulnerability to upload a malicious image, resulting in a denial of...

CVSS 6.5 | AI score 6.5 | EPSS 0.00217
Exploits: 0 | References: 3

CNNVD
added 2022/09/23 12:00 a.m., 1 views

WordPress plugin WHA Crossword Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 | AI score 5.4 | EPSS 0.00172
Exploits: 0 | References: 3

Positive Technologies
added 2022/08/23 12:00 a.m., 4 views

PT-2022-23291 · WordPress · Dmitrylitvinov Uploading Svg

Name of the Vulnerable Software and Affected Versions: dmitrylitvinov Uploading SVG, WEBP and ICO files plugin version 1.0.1 and earlier Description: The issue concerns an Authenticated Arbitrary File Upload vulnerability. This allows attackers to upload malicious files to the system, potentially...

CVSS 7.2 | AI score 6.9 | EPSS 0.01765
Exploits: 0 | References: 5