CVE-2026-25004

CVE-2026-25004 concerns the WordPress CM Business Directory plugin (cm-business-directory)

EUVD-2014-8954

Malware in sbrugna...

WordPress Plugin Invitation Code Content Restriction Plugin from CreativeMinds 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Invitation Code Content Restriction Plugin from CreativeMinds Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Invitation Code Content Restriction Plugin from CreativeMinds Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4965 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

Invitation Code Content Restriction Plugin from CreativeMinds < 1.5.5 - Reflected Cross-Site Scripting

Description The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘targetid’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it...

creativeminds.se Cross Site Scripting vulnerability OBB-1282315

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2014-8877

CM Downloads Manager for WordPress (CreativeMinds) contains a remote PHP code execution vulnerability (CVE-2014-8877) in the alterSearchQuery function of lib/controllers/CmdownloadController.php. The issue allows an attacker to inject PHP code via the CMDsearch parameter sent to cmdownloads/, whe...

CVE-2014-8877

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP createfunction...

CVE-2014-9129

Cross-site request forgery CSRF vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the addonstitle parameter in the...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the addonstitle parameter in the...

CVE-2014-9129

Cross-site request forgery CSRF vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the addonstitle parameter in the...

CVE-2014-9129

CM Download Manager (WordPress) before version 2.0.7 is affected by CVE-2014-9129: a CSRF vulnerability allows authenticated admins to be hijacked and stored XSS via the addons_title field on the CMDM_admin_settings page (POST to wp-admin/admin.php). Root cause: insufficient validation/CSRF prote...

WordPress Plugin CM Download Manager 2.0.0 - Code Injection

WordPress Plugin CM Download Manager 2.0.0 - Code Injection Vulnerability title: Code Injection in Wordpress CM Download Manager plugin 2.0.0 CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Link download:...

WordPress Plugin CM Download Manager 2.0.0 - Code Injection

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin 2.0.0 CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Link download: https://wordpress.org/plugins/cm-download-manager/ Affected version: 2.0.0 and previous version...

WordPress CM Download Manager 2.0.0 Code Injection

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Product: https://wordpress.org/plugins/cm-download-manager/ Affected version: 2.0.0 and previous version Fixed version:...

WordPress CM Download Manager 2.0.0 Code Injection Vulnerability

WordPress CM Download Manager plugin versions 2.0.0 and below suffer from a code injection vulnerability. Vulnerability title: Code Injection in Wordpress CM Download Manager plugin CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Product:...