53 matches found
CVE-2026-6399
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
CVE-2026-6399
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
CVE-2026-6399 General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
CVE-2026-6399
The CVE concerns the WordPress General Options plugin (up to version 1.1.0). Root cause: the code uses sanitize_text_field() for output escaping in the ad_contact_number field, which strips HTML but does not encode double quotes, so when echoed inside a double-quoted HTML attribute (value="..."),...
CVE-2026-6399
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
CVE-2026-6399 General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
EUVD-2026-31040
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
EUVD-2026-23919
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...
CVE-2026-39110
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...
PHPGurukul Apartment Visitors Management System 安全漏洞
PHPGurukul Apartment Visitors Management System is an apartment visitor management system developed by PHPGurukul Corporation. Version V1.1 of the PHPGurukul Apartment Visitors Management System has a security vulnerability. This vulnerability stems from an SQL injection issue with the contactno...
CVE-2024-44660
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php...
CVE-2024-44660
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php...
EUVD-2024-22543
Malicious code in bioql PyPI...
EUVD-2021-32810
Malicious code in bioql PyPI...
EUVD-2021-31092
Malicious code in bioql PyPI...
CVE-2025-57147
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php...
Complaint Management System registration.php file SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for the fullname, email, and contactno parameters in user/registration.php. An...
PT-2025-36045
Name of the Vulnerable Software and Affected Versions: VoicemailSettingsActivity.java affected versions not specified Description: A potential work profile contact number leak exists due to a confused deputy condition within the onActivityResult function of the VoicemailSettingsActivity.java file...
CVE-2025-57147
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php...
CVE-2025-57147
CVE-2025-57147 affects the phpgurukul Complaint Management System 2.0. The vulnerability is in the user/registration.php flow where input validation is missing for multiple parameters (fullname, email, contactno), enabling a SQL Injection . The sourced details indicate a high impact on confidenti...