CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'orblogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions = 2.288...

PT-2026-27233

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

Tiki 安全漏洞

Tiki is a set of open-source content management and portal applications developed by the Tiki community. It can be used to create web applications, portals, intranets, extranets, etc. Version 21.2 of Tiki contains a security vulnerability, which stems from insufficient input validation of the...

OpenSource-WorkShop Connect-CMS 代码注入漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities due to cross-site scripting vulnerabilities in the Form Plugin file fields,...

OpenSource-WorkShop Connect-CMS 安全漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Connect-CMS versions 1.41.0 and earlier, as well as 2.41.0 and earlier, have security vulnerabilities. These vulnerabilities stem from issues with the...

PT-2026-27219

Security Advisory — Code Study Plugin Summary An authenticated user may be able to execute arbitrary code in the Code Study Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Code Study Plugin, an authenticated user could...

OpenSource-WorkShop Connect-CMS 访问控制错误漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of Connect-CMS prior to 1.41.0 and 2.41.0 contain an access control vulnerability. This vulnerability stems from improper authorization in the page...

PT-2026-27232

Security Advisory — Page Content Retrieval Improper Authorization Summary An improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

PutYourLightsOn Sprig Plugin for Craft CMS 安全漏洞

PutYourLightsOn Sprig Plugin for Craft CMS is a plugin developed by the Austrian company PutYourLightsOn, designed for Craft CMS. It provides dynamic content updates and interactive features. Versions of the plugin prior to 2.15.2 and 3.15.2 contained security vulnerabilities. These vulnerabiliti...

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system developed by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities. These vulnerabilities stem from the Page Management...

PT-2026-27230

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

PT-2026-27229

Security Advisory — Cabinet Plugin DOM-based XSS Summary A DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Cabinet Plugin list view, DOM-based...

PT-2026-27177

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

EUVD-2019-19895

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

EUVD-2019-19898

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

CVE-2019-25573

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

CVE-2019-25575

CVE-2019-25575 affects SimplePress CMS 1.0.7. The vulnerability is an SQL injection in the web app that permits unauthenticated attackers to craft GET requests via the p and s parameters to execute arbitrary SQL. Impact per sources includes extraction of sensitive data such as usernames, database...

CVE-2019-25574 Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...