CVE-2025-69376 WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through = 17.0...

CVE-2025-69376 WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through = 17.0...

CVE-2025-69377 WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through = 17.0...

CVE-2025-69377 WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through = 17.0...

CVE-2025-69376

CVE-2025-69376 affects WordPress plugin WordPress User Extra Fields (wp-user-extra-fields) up to version 17.0. The issue is described as improper limitation of a pathname to a restricted directory (path traversal). Public disclosures from NVD/Red Hat align on path traversal as the root cause, wit...

CVE-2025-69377

CVE-2025-69377 : WordPress WordPress User Extra Fields plugin (wp-user-extra-fields)

CVE-2025-67991 WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through = 16.8...

CVE-2025-67991

CVE-2025-67991 affects WordPress plugin WordPress User Extra Fields (wp-user-extra-fields) up to version 16.8. The issue is an Improper Neutralization of Input During Web Page Generation, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Exploitation details are not provided beyo...

CVE-2025-67991 WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through = 16.8...

CVE-2026-25368

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through = 5.4.4.1...

WordPress plugin User Extra Fields 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions of...

PT-2026-21275

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow user settings.php submitting to admin/update user.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and image url, which...

PT-2026-21310

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

WordPress plugin User Extra Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-21299

Photobooth prior to 1.0.1 has a cross-site scripting XSS vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

Apache Airflow < 3.1.6 Information Disclosure

The version of Apache Airflow installed on the remote host is prior to 3.1.6. It is, therefore, affected by an information disclosure vulnerability: - The proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not...

PT-2026-21158

Name of the Vulnerable Software and Affected Versions vanquish User Extra Fields wp-user-extra-fields versions through 17.0 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows unauthorized acces...

WordPress plugin User Extra Fields 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions of...

PT-2026-21157

Name of the Vulnerable Software and Affected Versions vanquish User Extra Fields versions prior to 17.1 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' issue. This allows for potential unauthorized...

CVE-2026-25368

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through = 5.4.4.1...