3502 matches found
WordPress plugin Subscribe to Comments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2025-30125 · WordPress · Subscribe To Comments For Wordpress
Name of the Vulnerable Software and Affected Versions: Subscribe to Comments for WordPress versions prior to 2.1.3 Description: The Subscribe to Comments for WordPress is susceptible to a Local File Inclusion issue via the Path to header value. Authenticated attackers with administrative privileg...
CVE-2025-53836
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
PT-2025-29838 · Emlog · Emlog
Name of the Vulnerable Software and Affected Versions: Emlog versions through 2.5.17 Description: Emlog is a website building system. A cross-site scripting XSS issue exists in versions up to and including 2.5.17, allowing remote attackers to inject arbitrary web script or HTML via the comment an...
GHSA-32MF-57H2-64X9 XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Impact The default macro content parser didn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWi...
PT-2025-29524 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 4.2-milestone-1 through 13.10.10 XWiki versions 14.4.0 through 14.4.6 XWiki versions 14.10.0 through 14.9.9 Description: XWiki Rendering is a system that converts textual input into different syntaxes. A flaw exists where the...
CLSA-2025-1750953703 Update of tzdata
Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - System V...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
IBM InfoSphere Information Server 安全漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server versions 11.7.0.0 through...
CVE-2025-2935
The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ssoptionmaint.php' and 'ssuserfilterlist' files. This make...
CVE-2025-3919 WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings...
WordPress plugin Comments Import & Export Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-22828
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
CVE-2025-24613
Missing Authorization vulnerability in FolioVision FV Thoughtful Comments thoughtful-comments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Thoughtful Comments: from n/a through = 0.3.5...
CVE-2024-25906
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through 1.2.2...
CVE-2024-32689
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3...
CVE-2024-31235
Cross-Site Request Forgery CSRF vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5...
CVE-2024-30555
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS.This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through 1.4.8...
CVE-2024-29804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14...
CVE-2024-28228
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible...