224 matches found
EUVD-2026-24636
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714
CVE-2026-2714 affects the Institute Management plugin for WordPress (up to version 5.5). The vulnerability is a stored cross-site scripting issue in the Enquiry Form Title setting caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Administ...
PT-2026-34271
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Institute Management 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. In versions...
CVE-2026-2838
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
EUVD-2026-20099
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-2838
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-2838 Whole Enquiry Cart for WooCommerce <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-2838
CVE-2026-2838 affects The Whole Enquiry Cart for WooCommerce plugin (WordPress). The issue is a Stored Cross-Site Scripting vulnerability in the parameter ‘woowhole_success_msg’ present in all versions up to and including 1.2.1, caused by insufficient input sanitization and output escaping. Explo...
WordPress Whole Enquiry Cart for WooCommerce plugin <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'woowholesuccessmsg' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Whole Enquiry Cart for WooCommerce versions = 1.2.1...
PT-2026-31091
Name of the Vulnerable Software and Affected Versions The Whole Enquiry Cart for WooCommerce plugin for WordPress versions up to and including 1.2.1 Description The Whole Enquiry Cart for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the woowhole success m...
WordPress plugin Whole Enquiry Cart for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blogs on servers based on PHP and MySQL. Woocommerce is one of the e-commerce plugins. WP Fastest Cache is a...
CVE-2026-4991
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...
EUVD-2026-16897
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...
CVE-2026-4991
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...
CVE-2026-4991 QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...