EUVD-2026-10105

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

WordPress Easy PHP Settings plugin <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability

Authenticated Administrator+ PHP Code Injection via 'wpmemorylimit' Setting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Easy PHP Settings versions = 1.0.4...

WordPress plugin Easy PHP Settings 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2003-1146

Cross-site scripting XSS vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...

EUVD-2008-6977

Malware in sbrugna...

EUVD-2003-1136

Malware in sbrugna...

EUVD-2013-1945

Malware in sbrugna...

CVE-2013-1955

Multiple cross-site scripting XSS vulnerabilities in 1 index.php and 2 datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

John Beatty Easy PHP Photo Album 1.0 dir Parameter HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8977/info It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'dir'...

CVE-2013-1955

Multiple cross-site scripting XSS vulnerabilities in 1 index.php and 2 datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 1 index.php and 2 datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-1955

CVE-2013-1955 : The vulnerability affects Easy PHP Calendar 6.x and 7.x, with versions before 7.0.13. It covers two components, index.php and datePicker.php, where remote attackers can inject arbitrary web script or HTML via unspecified vectors (XSS). The descriptions do not specify exploitation ...

CVE-2013-1955

Multiple cross-site scripting XSS vulnerabilities in 1 index.php and 2 datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-7018

Cross-site scripting XSS vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field descr parameter in an Add New Event action in an unspecified request as generated by an add action in index.php...

CVE-2008-7018

Cross-site scripting XSS vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field descr parameter in an Add New Event action in an unspecified request as generated by an add action in index.php...

CVE-2008-7018

CVE-2008-7018 describes a cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25. An attacker can inject arbitrary web script or HTML via the Details field (descr parameter) when adding a new event in index.php. The affected component is the Add New Event action; the exact ...

CVE-2003-1146

The CVE describes a cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0, exploitable via the dir parameter to inject arbitrary script/HTML. Multiple sources (NVD, Red Hat, CVE List) confirm the issue and its description. No explicit exploitation details, vectors beyon...

John Beatty Easy PHP Photo Album 1.0 - dir HTML Injection

John Beatty Easy PHP Photo Album 1.0 - dir HTML Injection source: https://www.securityfocus.com/bid/8977/info It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be...