10240 matches found
Dolibarr ERP CRM 注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...
RUSTSEC-2026-0132 Potential out-of-bounds write via public `Context` fields
The Context struct has all fields public pub dlen, pub digest, etc.. Code from other modules within the same crate can directly modify dlen to a value exceeding the digest vector length. When reset is subsequently called, self.digestself.dlen as usize = 0 becomes an out-of-bounds write. Withdrawa...
Potential out-of-bounds write via public `Context` fields
The Context struct has all fields public pub dlen, pub digest, etc.. Code from other modules within the same crate can directly modify dlen to a value exceeding the digest vector length. When reset is subsequently called, self.digestself.dlen as usize = 0 becomes an out-of-bounds write. Withdrawa...
CVE-2026-5324
The Brizy – Page Builder for WordPress is vulnerable to unauthenticated stored XSS in versions up to 2.8.11, due to missing nonce verification for unauthenticated submissions, improper handling of FileUpload fields when no file is uploaded, and html_entity_decode() reversing stored encoding in ad...
CVE-2026-6457 Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-5111
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...
CVE-2026-5111 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...
CVE-2026-5111
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...
CVE-2026-5111 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...
CVE-2026-5111
CVE-2026-5111: Gravity Forms for WordPress (
EUVD-2026-26744
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...
CVE-2026-5112 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...
CVE-2026-5112
CVE-2026-5112 affects Gravity Forms for WordPress up to v2.10.0. An unauthenticated Stored XSS exists in the Calculation Product field within Repeater fields due to weak input validation and output escaping: validate() only checks the quantity field, sanitize_entry_value() returns raw HTML for no...
CVE-2026-7641
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
EUVD-2026-26734
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...
WordPress plugin Import and export users and customers 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-36572
Name of the Vulnerable Software and Affected Versions Import and export users and customers plugin for WordPress versions prior to 2.0.9 Description An issue exists in the save extra user profile fields function where an incomplete blocklist fails to restrict capability meta keys for subsites in ...