5 matches found
CVE-2026-1867
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
Design/Logic Flaw
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...
Upserve : Blind stored xss in demo form
Through Upserve's demo request form, @pareshparmar found a blind XSS in a 3rd party package for Upserve's CRM system. While the CRM system and 3rd party package are out of scope for our program, we decided to reward @pareshparmar for his work in bringing this issue to our attention. - Endpoint...
idev-Subscribe 4.0 CSRF Vulnerability
Exploit for php platform in category web applications Application Name : idev-Subscribe 4.0 Vulnerable Type : CSRF Demo : http://idevspot.com/demos/idev-subscribe/admin Author : Jonturk75 Greetz: Inj3ct0r Exploit DataBase 1337day.com 2 1 - Suspend user account access. 2 - Leave user...
idev-DigiShop 2.0 Cross Site Request Forgery
Exploit Title: idev-DigiShop 2.0 CSRF Author: Jonturk75 Vendor or Software Link: http://idevspot.com/ Category: webapps Demo : http://idevspot.com/demos/idev-digishop/admin Greetz: Inj3ct0r Exploit DataBase 1337day.com ...