Arbitrary Code Injection

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection via the backup restore process. An attacker can execute arbitrary server-side code by uploading and restoring a specially crafted backup file. This is only exploitable if th...

OneUptime 代码注入漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime 9.5.13 and earlier contain a code injection vulnerability. This vulnerability stems from the use of the unsafe node:vm module in the custom...

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-52744

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2025-67979

CVE-2025-67979 affects the WordPress plugin WPForms Google Sheet Connector (gsheetconnector-wpforms) up to version 4.0.1. The vulnerability is described as an improper control of generation of code (Code Injection) that enables remote code execution (RCE). Public sources in the connected data ide...

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-52744

Summary: CVE-2025-52744 affects the WordPress plugin “Inpersttion For Theme” (err-our-team), with versions n/a through 1.0. The root cause is improper control of the generation of code, leading to arbitrary code execution (code injection). Affected software is vulnerable to code injection as desc...

CVE-2025-52744 WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2025-52744 WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2026-25006

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through = 9.6.4...

CVE-2026-22422

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through = 3.4.1...

WordPress plugin Inpersttion For Theme 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

WordPress plugin WPForms Google Sheet Connector 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-21033

Name of the Vulnerable Software and Affected Versions Inpersttion For Theme versions n/a through 1.0 Description An improper control of generation of code issue, specifically a code injection, exists in Inpersttion For Theme. This allows for code injection. Recommendations Versions prior to 1.1 a...

WeRSS 代码注入漏洞

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier had a code injection vulnerability. This vulnerability originated from a cross-site scripting issue in the fixhtml function within the Article Module component’s files in tools/fix.py...

PT-2026-21052

Name of the Vulnerable Software and Affected Versions WPForms Google Sheet Connector versions through 4.0.1 Description A code injection issue exists in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms. The issue involves improper control of code generation, potentially allowing...

📄 Selenium Server (Grid) 4.27.0 Code Injection

Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...

Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile

Ivanti EPMM pre-auth RCE Dummy Target A simple demo applicati...

Arbitrary Code Injection

Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Arbitrary Code Injection via the /save-column-filter endpoint due to the improper validation of input to pandas' DataFrame.query used to construct Column filters. An attacker can...