CVE-2025-23888

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GrandSlambert Custom Page Extensions custom-page-extensions allows Reflected XSS.This issue affects Custom Page Extensions: from n/a through = 0.6...

EUVD-2025-3506

Malicious code in bioql PyPI...

EUVD-2025-4012

Malicious code in bioql PyPI...

WordPress plugin Add custom page template 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add custom...

[SECURITY] Fedora 41 Update: php-tcpdf-6.9.1-1.fc41

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

CVE-2025-25072

Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through = 1.5.0...

CVE-2025-25072

Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through = 1.5.0...

CVE-2025-25072 WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through = 1.5.0...

WordPress plugin WP Admin Custom Page 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-23888

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GrandSlambert Custom Page Extensions custom-page-extensions allows Reflected XSS.This issue affects Custom Page Extensions: from n/a through = 0.6...

CVE-2025-23888

CVE-2025-23888 refers to a Reflected XSS in the WordPress plugin NotFound Custom Page Extensions. The vulnerability arises from improper neutralization of input during web page generation, enabling injection of script through a page generation flow. Affected software/versions: Custom Page Extensi...

CVE-2025-23888 WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GrandSlambert Custom Page Extensions custom-page-extensions allows Reflected XSS.This issue affects Custom Page Extensions: from n/a through = 0.6...

CVE-2025-23888 WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GrandSlambert Custom Page Extensions custom-page-extensions allows Reflected XSS.This issue affects Custom Page Extensions: from n/a through = 0.6...

PT-2025-5171 · Unknown · Notfound Custom Page Extensions

Name of the Vulnerable Software and Affected Versions: NotFound Custom Page Extensions versions 0.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables attackers ...

WordPress plugin Custom Page Extensions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Custom Page Extensions versions = 0.6...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...

WordPress Plugin Redirect 404 Error Page to Homepage or Custom Page with Logs SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Redirect 404 Error Page to...

WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection

Software Redirect 404 Error Page to Homepage or Custom Page with Logs Type Plugin Vulnerable versions = 1.8.7 Fixed in 1.8.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47530 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID c586c5b28368 Credit...

Lanling OA 安全漏洞

Lanling OA is an OA management system from the Chinese company Lanling. A security vulnerability exists in Lanling OA Landray Office Automation OA. An attacker can exploit this vulnerability to read arbitrary files via the component /sys/ui/extend/varkind/custom.jsp...