66 matches found
CVE-2026-4032
The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-4032 CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode
The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2026-13996
The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied...
PT-2026-26800
The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'wpfaqblock' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied...
PT-2026-26828
The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add class' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2026-4105
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...
CVE-2026-4105
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...
MiracleLinux 3 : struts-1.2.9-4jpp.8.AXS3 (AXSA:2014-309:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-309:01 advisory. Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and...
CVE-2022-50805
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...
CVE-2022-50805
Senayan Library Management System 9.0.0 (SLiMS) contains a SQL injection in the value of the class parameter. The root cause is unsafely constructed SQL queries that allow crafted payloads to manipulate database queries, potentially exfiltrating sensitive information. Exploitation is described as...
CVE-2022-50805 Senayan Library Management System 9.0.0 - SQL Injection
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...
SLiMS 9 Bulian SQL注入漏洞
SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. An SQL injection vulnerability exists in SLiMS 9 Bulian version 9.0.0, which stem...
PT-2026-2362
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...
CVE-2025-13704
The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headclass' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-13704
CVE-2025-13704 affects the Autogen Headers Menu WordPress plugin. The issue is a stored cross-site scripting (XSS) in the shortcode parameter head_class used by the autogen_menu shortcode. The vulnerability arises from insufficient input sanitization and output escaping in all versions up to and ...
CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter
The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headclass' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-1708
Name of the Vulnerable Software and Affected Versions Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1 Description The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode...
CVE-2025-13705
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-203222
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13705 Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...