CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This make...
CVE-2025-14533
The Wordfence disclosure confirms CVE-2025-14533 affects the Advanced Custom Fields: Extended plugin for WordPress (
I-O Data Device UD-LT1 and I-O Data Device UD-LT1/EX Security Vulnerability
I-O Data Device UD-LT1 and I-O Data Device UD-LT1/EX are both products of I-O Data Device Japan. I-O Data Device UD-LT1 is a hybrid LTE router. I-O Data Device UD-LT1/EX is a hybrid LTE router and is the successor to the IO DATA UD-LT1 router. A security vulnerability exists in I-O Data Device UD-L...
WordPress Events Manager Pro – extended plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CSRF to Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Events Manager Pro – extended versions <= 0.1...
Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally, it's possible to proxy every request through Burp or another tunnel. First steps Rename the...