Lucene search

27 matches found

Nuclei
added 7 hours ago · 14 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8 CVSS · 8.2 AI score · 0.04301 EPSS
Exploits 1 · References 2

Cvelist
added 2025/09/22 6:24 p.m. · 7 views

CVE-2025-57990 WordPress Blog Designer Plugin <= 3.1.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blog Designer: from n/a through <= 3.1.8...

5.4 CVSS · 0.00087 EPSS
Exploits 0 · References 1

CNNVD
added 2025/03/31 12:0 a.m. · 2 views

WordPress plugin SP Blog Designer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.8 CVSS · 8.3 AI score · 0.00294 EPSS
Exploits 0 · References 1

CVE
added 2025/01/31 8:23 a.m. · 47 views

CVE-2025-23987

CVE-2025-23987: DOM-based XSS in WordPress Designer plugin (CodegearThemes Designer) affecting Designer versions up to 1.6.0. Public records (NVD/Red Hat) reiterate the same description. Patchstack entry indicates mitigation via a fix in 1.6.4 (and later). Recommendation: upgrade to 1.6.4 or newe...

6.5 CVSS · 7.2 AI score · 0.00178 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/01/31 8:23 a.m. · 5 views

CVE-2025-23987 WordPress Designer plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codegearthemes Designer designer allows DOM-Based XSS. This issue affects Designer: from n/a through <= 1.6.4...

6.5 CVSS · 7.2 AI score · 0.00178 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/31 12:0 a.m. · 3 views

WordPress plugin Designer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS · 8.2 AI score · 0.00178 EPSS
Exploits 0 · References 1

Patchstack
added 2025/01/27 1:8 p.m. · 2 views

WordPress Designer plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Designer versions <= 1.6.4...

6.5 CVSS · 6.1 AI score · 0.00178 EPSS
Exploits 0 · Affected Software 1

CNNVD
added 2025/01/15 12:0 a.m. · 1 views

WordPress plugin CoDesigner WooCommerce Builder for Elementor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS · 7.8 AI score · 0.0013 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/01/07 3:21 a.m. · 3 views

CVE-2024-11437 Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection

The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9 CVSS · 5.4 AI score · 0.00829 EPSS
Exploits 0 · References 3

Cvelist
added 2025/01/07 3:21 a.m. · 11 views

CVE-2024-11437 Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection

The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9 CVSS · 0.00829 EPSS
Exploits 0 · References 3

Cvelist
added 2024/12/09 11:31 a.m. · 21 views

CVE-2024-54225 WordPress Designer plugin <= 1.4.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through <= 1.4.1...

7.5 CVSS · 0.0208 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/12/09 11:31 a.m. · 8 views

CVE-2024-54225 WordPress Designer plugin <= 1.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodegearThemes Designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through 1.3.3...

7.5 CVSS · 7.2 AI score · 0.0208 EPSS
Exploits 0 · References 1

Patchstack
added 2024/12/05 4:43 p.m. · 1 views

WordPress Designer plugin <= 1.4.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Designer versions <= 1.4.1...

7.5 CVSS · 7 AI score · 0.0208 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2024/11/21 12:0 a.m. · 11 views

WordPress Product Designer Plugin <= 1.0.35 is vulnerable to Cross Site Scripting (XSS)

Software: Product Designer · Type: Plugin · Vulnerable versions: <= 1.0.35 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2024-9111 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: 972d8d8742f9 · Credits: Francesco Carlucci...

6.4 CVSS · 6 AI score · 0.00126 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/06/13 12:0 a.m. · 1 views

PT-2024-30632 · WordPress · Codesigner Woocommerce Builder For Elementor

Name of the Vulnerable Software and Affected Versions: The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress versions up to, and including, 4.4.1 Description: The issue is related to PHP Object Injection via deserialization of...

9.8 CVSS · 7.9 AI score · 0.05379 EPSS
Exploits 0 · References 6

Patchstack
added 2024/04/16 3:28 p.m. · 3 views

WordPress Backend Designer plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Backend Designer versions <= 1.3...

5.9 CVSS · 6.1 AI score · 0.00137 EPSS
Exploits 0 · Affected Software 1

Cvelist
added 2024/04/07 5:24 p.m. · 16 views

CVE-2024-31277 WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32...

8.7 CVSS · 8.8 AI score · 0.00403 EPSS
Exploits 0 · References 1

Cvelist
added 2023/11/06 11:25 a.m. · 17 views

CVE-2023-47186 WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions...

4.3 CVSS · 9.1 AI score · 0.00123 EPSS
Exploits 0 · References 1

Patchstack
added 2023/07/18 12:0 a.m. · 3 views

WordPress Login Designer Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: Login Designer · Type: Plugin · Vulnerable versions: <= 1.6.1 · Fixed in: 1.6.2 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2023-33999 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: 91d36b63e0ed · Credits: Rafie Muhammad Patchstack Require...

6.2 AI score
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2023/07/18 12:0 a.m. · 8 views

WordPress Contact Form 7 Designer Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form 7 Designer · Type: Plugin · Vulnerable versions: <= 2.2 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2023-33999 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: 3bce7165bcf5 · Credits: Rafie Muhammad Patchstack...

6.3 AI score
Exploits 0 · References 2 · Affected Software 1