7 matches found
CVE-2026-46725
The CVE-2026-46725 vulnerability affects the TYPO3 extension Content Element Selector (ceselector). The issue arises when an attacker-controlled cookie is passed directly to PHP unserialize() without safe input handling, enabling PHP Object Injection that can lead to Remote Code Execution on the ...
CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector)
The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...
CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector)
The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-013...
WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Dev Powers – Element Selector jQuery Powers Plugin Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 441b1a9fb4...
WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin versions = 1.0.1. Solution No patched version available...
WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin plugin versions = 1.0.1. Solution No patched version available...