
205 matches found

CVE
added 2026/02/17 12:0 a.m. | 10 views

CVE-2024-55270

The CVE-2024-55270 entry affects phpgurukul Student Management System 1.0; the vulnerability is a SQL Injection in the admin/search.php endpoint via the searchdata parameter. The underlying issue is inadequate input sanitization in studentms/admin/search.php, enabling attacker-controlled SQL exec...

CVSS 8.8 | AI score 6 | EPSS 0.00328
Exploits 2 | References 2 | Affected Software 1

CVE
added 2026/02/17 12:0 a.m. | 8 views

CVE-2025-70397

CVE-2025-70397 affects jizhicms 2.5.6. The vulnerability is a SQL Injection in two endpoints, Article/deleteAll and Extmolds/deleteAll, exploitable via the data parameter. Connected sources confirm the affected software and endpoints and mention a fix/update path in vendor advisories; no exploit ...

CVSS 7.2 | AI score 5.9 | EPSS 0.00336
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2026/02/06 12:0 a.m. | 3 views

IP-COM W30AP Security Vulnerability

The IP-COM W30AP is a wireless access point device from the US company IP-COM. The IP-COM W30AP version 1.0.0.111340 and earlier have a security vulnerability. This vulnerability stems from incorrect handling of the parameter “data” in the function R7WebsSecurityHandler within the...

CVSS 10 | AI score 7.6 | EPSS 0.04332
Exploits 1 | References 6

Positive Technologies
added 2026/01/05 12:0 a.m. | 4 views

PT-2026-1228

Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23. Description: A remote command injection issue exists in the formBehaviorManager function within the /goform/BehaviorManager file of the httpd component. Manipulation of the modulename/option/data/switch argument...

CVSS 6.5 | AI score 7 | EPSS 0.08247
Exploits 1 | References 9

Patchstack
added 2025/12/31 12:0 a.m. | 3 views

WordPress Feedback Modal for Website plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Feedback Modal for Website versions <= 1.0.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00257
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/12/29 12:32 p.m. | 9 views

CVE-2025-15188

CVE-2025-15188 affects Campcodes Complete Online Beauty Parlor Management System 1.0. The vulnerability is a cross-site scripting flaw in the file /admin/search-invoices.php triggered by manipulating the searchdata parameter. It can be exploited remotely, and multiple sources indicate the exploit...

CVSS 4.8 | AI score 3 | EPSS 0.00198
Exploits 1 | References 5 | Affected Software 1

RedhatCVE
added 2025/12/14 5:3 a.m. | 2 views

CVE-2025-9488

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 5 | EPSS 0.00285
Exploits 0 | References 1

EUVD
added 2025/12/13 6:30 p.m. | 2 views

EUVD-2025-203202

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 4.7 | EPSS 0.00285
Exploits 0 | References 5

NVD
added 2025/12/13 4:16 p.m. | 3 views

CVE-2025-9488

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | EPSS 0.00285
Exploits 0 | References 4

CVE
added 2025/12/13 4:31 a.m. | 13 views

CVE-2025-9488

CVE-2025-9488 affects the Redux Framework WordPress plugin (≤4.5.8). It enables Stored Cross‑Site Scripting via the data parameter by authenticated users with Contributor+; scripts execute on the affected pages when loaded. Wordfence reports this CVE as patched (patch status: Patched); no exploit...

CVSS 6.4 | AI score 4.7 | EPSS 0.00285
Exploits 0 | References 4

Cvelist
added 2025/12/13 4:31 a.m. | 25 views

CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | EPSS 0.00285
Exploits 0 | References 4

Vulnrichment
added 2025/12/13 4:31 a.m. | 2 views

CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 4.7 | EPSS 0.00285
Exploits 0 | References 4

Positive Technologies
added 2025/12/13 12:0 a.m. | 2 views

PT-2025-51085

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 5 | EPSS 0.00285
Exploits 0 | References 4

Patchstack
added 2025/12/12 11:55 p.m. | 5 views

WordPress Redux Framework plugin <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Redux Framework versions <= 4.5.8...

CVSS 6.4 | AI score 5.7 | EPSS 0.00285
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/12/10 9:31 p.m. | 4 views

EUVD-2020-30834

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVSS 8.8 | AI score 6.7 | EPSS 0.0152
Exploits 1 | References 5

OSV
added 2025/12/10 9:16 p.m. | 3 views

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVSS 9.1 | AI score 6 | EPSS 0.0152
Exploits 1 | References 4

Cvelist
added 2025/12/10 9:3 p.m. | 20 views

CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVSS 8.8 | EPSS 0.0152
Exploits 1 | References 4

CVE
added 2025/12/10 9:3 p.m. | 6 views

CVE-2020-36898

Summary: CVE-2020-36898 affects QiHang Media Web Digital Signage 3.0.9, exposing an unauthenticated file-deletion vulnerability in the QH.aspx endpoint. The issue allows a remote attacker to delete arbitrary files by POSTing a radius of file paths using directory traversal via the data parameter,...

CVSS 9.1 | AI score 6.8 | EPSS 0.0152
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2025/12/10 9:3 p.m. | 2 views

CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVSS 8.8 | AI score 6.8 | EPSS 0.0152
Exploits 1 | References 4

Positive Technologies
added 2025/12/10 12:0 a.m. | 4 views

PT-2025-50519

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVSS 8.8 | AI score 7.2 | EPSS 0.0152
Exploits 1 | References 6