WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

EUVD-2026-32051

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

PT-2026-43495

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac campaigns action function. This makes it...

WordPress plugin CM Ad Changer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress CM Ad Changer – A simple tool to control and optimize your site's banners plugin <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion vulnerability

Cross-Site Request Forgery to Campaign Deletion vulnerability discovered by jamaal in WordPress Plugin CM Ad Changer versions = 2.0.7...

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

EUVD-2019-19752

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

CVE-2019-25475 SQL Server Password Changer 1.90 Denial of Service Buffer Overflow

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

CVE-2019-25475

The affected software is SQL Server Password Changer version 1.90. The vulnerability is a buffer overflow in the application that allows a local attacker to crash the program by sending an oversized payload, specifically exploiting the User Name and Registration Code fields with around 6000 bytes...

CVE-2019-25475 SQL Server Password Changer 1.90 Denial of Service Buffer Overflow

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

PT-2026-24772

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

Top Password SQL Server Password Changer 缓冲区错误漏洞

Top Password SQL Server Password Changer is an SQL password modification tool developed by Top Password. Version 1.90 of Top Password SQL Server Password Changer contains a buffer error vulnerability. This vulnerability stems from buffer overflows in the username and registration code fields, whi...

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0...

CVE-2023-49153

Cross-Site Request Forgery CSRF vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0...

CVE-2025-14131

The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14131

The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress WP Widget Changer plugin <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP Widget Changer versions = 1.2.5...