9 matches found
WordPress plugin Lizza LMS Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress EduKart Pro plugin elevation of privilege vulnerability
WordPress EduKart Pro plugin is an e-commerce plugin for the WordPress platform that is primarily used to build and manage online stores. WordPress EduKart Pro plugin has an elevation of privilege vulnerability that stems from the edukartproregisteruserfrontend function not restricting user...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
PT-2025-33411 · Ourphp · Ourphp
Name of the Vulnerable Software and Affected Versions: OURPHP versions through 8.6.1 Description: OURPHP through version 8.6.1 is susceptible to Cross-Site Scripting XSS via the Name field within the "Complete Profile" functionality located in the "My User Center" page. This functionality is...
CVE-2025-51965
CVE-2025-51965 affects OURPHP up to version 8.6.1, where the vulnerability is a Cross‑Site Scripting (XSS) flaw in the Name field of the Complete Profile function in My User Center, accessible after front‑end registration. The underlying issue and exploitation details are not further elaborated i...
Exploit for CVE-2025-47646
🔐 CVE-2025-47646 – PSW Front-end Login & Registration pswfo...
Jfinal cms xss vulnerability in frontend registry
Jfinal cms uses JFinal as a web framework , template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Support for multi-site , oauth2 authentication , account registration , password encryption , comments and replies , message alerts , site visits...
Arbitrary Command Execution Vulnerability in Knight CMS
Knight CMS Talent System is a professional talent system based on PHP+MYSQL. Knight CMS version 4.1.0 suffers from an arbitrary command execution vulnerability. Due to the Knight CMS V4.1.0 using the tp framework there is a template engine remote code execution vulnerability. Attackers can exploi...