6 matches found
CVE-2026-35542
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
Roundcube Webmail cross-site scripting vulnerability
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, etc. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 had a cross-site scripting vulnerability. This vulnerability stemmed from...
PT-2024-35710 · WordPress · Wp Admin Ui Customize
Name of the Vulnerable Software and Affected Versions: WP Admin UI Customize versions prior to 1.5.14 Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of other users who access the admin screen, if a malicious admin user customizes t...
CVE-2022-1089
The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2018-21011
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details...