22 matches found
CVE-2025-15369
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
CVE-2025-15369
CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...
CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
PT-2026-42086
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...
CVE-2026-3425
The vulnerability CVE-2026-3425 affects the RTMKit Addons for Elementor WordPress plugin and is exploitable via a Local File Inclusion (LFI) flaw in all versions up to 2.0.2. The issue is triggered through the path parameter of the get_content AJAX action, allowing authenticated users with Author...
PT-2026-40594
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...
CVE-2026-7788
Summary: CVE-2026-7788 affects Axle-Bucamp MCP-Docusaurus. A path traversal vulnerability exists in the file path app/routes/document.py, specifically in the functions update_document, continue_document, delete_document, and get_content, triggered by manipulating the DOCS_DIR/path argument. This ...
MCP Docusaurus Toolkit Path Traversal Vulnerability
MCP Docusaurus Toolkit is a documentation management and semantic search platform developed by Bucamp Axle’s individual developers. The MCP Docusaurus Toolkit has a path traversal vulnerability, which stems from the operations on the parameter DOCS_DIR/path in the functions update_document,...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getContent in ActionReportResultHtmlProvider.java, which is accessible via the REST Management Interface. An attacker can cause an administrator to change the admin password by convincing them to follow a...
CVE-2025-14613
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get instead of wp_safe_remote_get to fetch content from a user-supplied URL in the 'url' parameter of the gcfu shortcode. This...
CVE-2024-10352
The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the getcontenttype function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level acce...
WordPress Plugin LearnPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress...
VulnCheck KEV: CVE-2023-6634
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute...
PT-2024-4517 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress plugin for WordPress versions up to, and including, 4.2.5.7. Description: The issue is related to the LearnPress plugin for WordPress, which is vulnerable to command injection in all versions up to, and including, 4.2.5.7. This...
GHSA-V65R-P3VV-JJFV TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...
CVE-2009-5002
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...