CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

PT-2026-23846

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

Shield Spirit Original Article Submission System 1.0 SQL Injection Vulnerability in Frontend

Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 suffers from a SQL injection vulnerability in the frontend, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Pushcoupon CMS Frontend

Push Couponer CMS is a completely free Taobao coupon website source code program that automatically collects products with coupons and automatically applies for high commission programs. Push Couponer CMS front-end SQL injection vulnerability, attackers can use the vulnerability to obtain sensiti...