Lucene search
15 matches found

EUVD
added 2026/05/04 12:0 a.m. · 1 view

EUVD-2026-26959

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

CVSS 5.7 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 4
Cvelist
added 2026/04/11 1:24 a.m. · 29 views

CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVSS 6.1 · EPSS 0.00155
Exploits: 0 · References: 9
Exploit DB
added 2026/04/06 12:0 a.m. · 80 views

RiteCMS 3.1.0 - Authenticated Remote Code Execution

Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: 3.1.0 Tested on: Window...

AI score 5.9
Exploits: 0
Positive Technologies
added 2026/02/17 12:0 a.m. · 3 views

PT-2026-20340

Name of the Vulnerable Software and Affected Versions: Blossom versions up to 1.17.1. Description: A flaw exists in Blossom that allows for cross site scripting. The issue is located within the Article Title Handler component, specifically in the ArticleController.java file and its content function...

CVSS 5.1 · AI score 3.9 · EPSS 0.00013
Exploits: 1 · References: 7
Vulnrichment
added 2026/01/07 12:0 a.m. · 1 view

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

AI score 6.5 · EPSS 0.00082
Exploits: 1 · References: 2
Packet Storm
added 2025/10/27 12:0 a.m. · 275 views

RiteCMS 3.1.0 Remote Code Execution

RiteCMS version 3.1.0 suffers from an authenticated remote code execution vulnerability. Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution RCE Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link:...

AI score 8.2
Exploits: 0
CNNVD
added 2025/10/11 12:0 a.m. · 2 views

WordPress plugin WP Scraper code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress...

CVSS 6.8 · AI score 6.8 · EPSS 0.00036
Exploits: 0 · References: 2
CNNVD
added 2024/11/22 12:0 a.m. · 0 views

Allegra path traversal vulnerability

Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra, which stems from the getFileContentAsString function containing a directory traversal information disclosure vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.01266
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/24 12:0 a.m. · 2 views

PT-2024-39049 · WordPress · Mas Static Content

Name of the Vulnerable Software and Affected Versions: MAS Static Content plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows authenticated attackers with contributor-level access and above to extract potentially sensitive information from private static conten...

CVSS 6.5 · AI score 6.7 · EPSS 0.0058
Exploits: 0 · References: 8
CNNVD
added 2024/05/23 12:0 a.m. · 3 views

WordPress plugin 140+ Widgets Best Addons For Elementor–FREE security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8 · AI score 6.8 · EPSS 0.00491
Exploits: 0 · References: 4
WPVulnDB
added 2024/05/22 12:0 a.m. · 13 views

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.18 - Missing Authorization

Description: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including,...

CVSS 4.3 · AI score 9 · EPSS 0.00376
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/03/05 2:15 a.m. · 3 views

CVE-2024-1285

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambitbuildersavecontent' function in all versions up to, and including, 5.1.0. This makes it possible for...

CVSS 6.5 · AI score 7.4
Exploits: 0 · References: 2
seebug.org
added 2014/09/23 12:0 a.m. · 26 views

yxcms second-order injection vulnerability

Brief description: yxcms second-order injection vulnerability. Detailed description: /protected/apps/member/controller/photoController.php $data'account'=$this-mesprefix.$this-auth'account'; $data'sort'=$POST'sort';//entry point is here $data'exsort'=empty$POST'exsort'?'':implode',',$POST'exsort'; $data'title'=in$POST'title'; $data'keywords'=in$POST'keywords';...

AI score 7.1
Exploits: 0
Prion
added 2013/01/31 5:44 a.m. · 17 views

Directory traversal

Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information...

CVSS 5 · AI score 7.2 · EPSS 0.19499
Exploits: 1 · References: 6 · Affected Software: 1
CVE
added 2013/01/31 2:0 a.m. · 53 views

CVE-2012-6522

CVE-2012-6522 describes a directory traversal vulnerability in w-CMS 2.01. The issue resides in the getContent function of codes/wcms.php, where an attacker can cause the system to read arbitrary files by supplying a ".." path segment in the p parameter. The vulnerability is triggered remotely ...

CVSS 5 · AI score 6.8 · EPSS 0.19499
Exploits: 1 · References: 6 · Affected Software: 1