233 matches found
WordPress plugin Nino Social Connect 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.08...
CVE-2024-11272
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...
WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Odoo Form Integrator versions = 1.1.0...
CVE-2025-25925
A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...
WordPress Picture Gallery plugin <= 1.6.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Picture Gallery versions = 1.6.3...
WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Go To Top versions = 0.0.8...
WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin FTP Sync versions = 1.1.6...
CVE-2025-25925
A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...
CVE-2025-25925
A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...
CVE-2025-25925
CVE-2025-25925 refers to a stored cross-site scripting (XSS) vulnerability in OpenMRS v2.4.3 Build 0ff0ed. The issue allows attackers to inject arbitrary web scripts or HTML via the personName.middleName field on the page /openmrs/admin/patients/shortPatientForm.form, enabling script execution in...
CVE-2025-25925
A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...
CVE-2024-13633
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Adobe Experience Manager cross-scripting vulnerability (CNVD-2025-03621)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2025-7014 · Unknown · Notfound Coronavirus (Covid-19) Outbreak Data Widgets
Name of the Vulnerable Software and Affected Versions: NotFound Coronavirus COVID-19 Outbreak Data Widgets versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This...
PT-2025-7185
Name of the Vulnerable Software and Affected Versions: Kunal Shivale Global Meta Keyword & Description versions prior to 2.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing...
WordPress Rise Blocks plugin <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via TitleTag Parameter vulnerability discovered by Nishiv in WordPress Plugin Rise Blocks versions = 3.6...
PT-2025-5401 · Unknown · Subscription Dna
Name of the Vulnerable Software and Affected Versions: Subscription DNA versions n/a through 2.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability and Stored XSS in Subscription DNA. Recommendations: For versions n/a through 2.1, update to a version that include...
WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Legal + versions = 1.0...
WordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Theme My Ontraport Smartform versions = 1.2.11...