5 matches found
CVE-2025-15518
Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...
CVE-2025-12654 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...
WordPress Rich Snippet Site Report plugin <= 2.0.0105 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by johska in WordPress Theme Rich Snippet Site Report versions <= 2.0.0105...
CVE-2017-17561
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/adminping.php, which interacts with data/admin/ping.php...
CVE-2022-36356
Authenticated admin+ Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin = 4.0.1 at WordPress...