CVE-2025-68873
CVE-2025-68873 is a Reflected XSS in PRIMER by chloédigital (WordPress plugin) affecting PRIMER versions up to 1.0.25. The Wordfence Vulnerability Report lists it as Unpatched; no exploitation details are provided in the connected docs beyond the vulnerability type and affected software.
WordPress Newscrunch theme <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Chloe Chamberland in WordPress Theme Newscrunch versions <= 1.8.4...
WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.6.0 is vulnerable to Broken Access Control
Software: WordPress Announcement & Notification Banner Plugin – Bulletin; Type: Plugin; Vulnerable versions: <= 3.6.0; Fixed in: 3.7.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2066; Patch priority: Medium; CVSS severity: Medium (4.3); Developer: Claim ownership; PSI...
chloegraftiaux.com Cross Site Scripting vulnerability OBB-3313872
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control
Software: WP Data Access; Type: Plugin; Vulnerable versions: <= 5.3.7; Fixed in: 5.3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1874; Patch priority: High; CVSS severity: High (7.5); Developer: Claim ownership; PSID: d34193572ac0; Credits: Chloe Chamberland; Required...
WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WCFM Marketplace; Type: Plugin; Vulnerable versions: <= 3.4.12; Fixed in: 3.5.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4936; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 13c6dc4f50f8; Credits: Chloe Chamberland...
CVE-2015-10084
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of t...
Sql injection
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of t...
CVE-2015-10084
CVE-2015-10084 affects irontec klear-library chloe. The vulnerability stems from the _prepareWhere function in Controller/Rest/BaseController.php, enabling SQL injection. Versions prior to marla are affected; upgrading to marla addresses the issue. A patch is identified as b25262de52fdaffde2a4434...
PT-2023-10263 · Irontec · Irontec Klear-Library
Name of the Vulnerable Software and Affected Versions: irontec klear-library chloe versions prior to marla Description: A critical issue was found in the prepareWhere function of the Controller/Rest/BaseController.php file, leading to sql injection. Recommendations: For versions prior to marla,...
irontec klear-library chloe SQL injection vulnerability
klear-library is an open source Zend Framework 1 public site external library by Irontec. Irontec klear-library chloe has a SQL injection vulnerability. The vulnerability stems from a problem in the prepareWhere function of the file Controller/Rest/BaseController.php, which will lead to sql injection...
WordPress Download Manager 3.2.50 Arbitrary File Deletion
Description: Authenticated (Contributor+) Arbitrary File Deletion; Affected Plugin: Download Manager; Plugin Slug: download-manager; Plugin Developer: W3 Eden, Inc.; Affected Versions: <= 3.2.50; CVE ID: CVE-2022-2431; CVSS Score: 8.8 (High); CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...
High Severity Vulnerability Patched in Download Manager Plugin
On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary...
WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability
Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress SiteGround Security plugin (versions <= 1.2.5). Solution: Update the WordPress SiteGround Security plugin to the latest available version at...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...
WordPress WP HTML Mail plugin <= 3.0.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress WP HTML Mail plugin (versions <= 3.0.9). Solution: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1)...
WordPress Login/Signup Popup plugin <= 2.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland (Wordfence) in WordPress Login/Signup Popup plugin (versions <= 2.2). Solution: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 2.3)...
WordPress Side Cart Woocommerce (Ajax) plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland in WordPress Side Cart Woocommerce (Ajax) plugin (versions <= 2.0). Solution: Update the WordPress Side Cart Woocommerce (Ajax) plugin to the latest available version (at least 2.1)...
WordPress Variation Swatches for WooCommerce plugin <= 2.1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (WordFence) in WordPress Variation Swatches for WooCommerce plugin (versions <= 2.1.1). Solution: Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version (at least 2.1.2)...
WordPress Access Demo Importer plugin <= 1.0.6 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Chloe Chamberland (WordFence) in WordPress Access Demo Importer plugin (versions <= 1.0.6). Solution: Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.7)...