admintwo 安全漏洞

admintwo is an application by xujiangfei individual developer. A security vulnerability exists in admintwo version 1.0, which originates from cross-site request forgery...

WordPress Booster for WooCommerce plugin 4.0.1-7.2.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions 4.0.1-7.2.4...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.4.3 release.

Red Hat Developer Hub 1.4.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions = 5.2.19...

WordPress XV Random Quotes plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin XV Random Quotes versions = 2.0.0...

WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider versions = 2.0.13...

WordPress Unlimited Elements For Elementor plugin <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.142...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.4.GA)

An update for Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available RHBQ 3.15.4.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Residential Address Detection versions = 2.5.4...

WordPress WooTumblog plugin <= 2.1.4 - Content Injection vulnerability

Content Injection vulnerability discovered by Mika in WordPress Plugin WooTumblog versions = 2.1.4...

WordPress MediaView plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin MediaView versions = 1.1.2...

WordPress wpForo Forum plugin <= 2.4.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Revan Arifio Patchstack Alliance in WordPress Plugin wpForo Forum versions = 2.4.2...

WordPress Gravel Theme <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Gravel Type Theme Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31418 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8d65d0e5dbda Credits Mika Required privilege Unauthenticated...

WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Norse Rune Oracle Plugin versions = 1.4.3...

WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf in WordPress Plugin Directorist AddonsKit for Elementor versions = 1.1.6...

WordPress Theater for WordPress plugin <= 0.18.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Theater for WordPress versions = 0.18.7...

WordPress Eventbee RSVP Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Eventbee RSVP Widget versions = 1.0...

WordPress WP Plugin Info Card plugin <= 5.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin WP Plugin Info Card versions = 5.3.0...

WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NAWardRox in WordPress Plugin Ni WooCommerce Cost Of Goods versions = 3.2.8...

WordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nova Blocks versions = 2.1.8...