29 matches found
EUVD-2024-47642
Malicious code in bioql PyPI...
CVE-2024-6570
The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due to the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated...
CVE-2023-24378
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions...
CVE-2025-4803
The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with...
WordPress plugin Glossary security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugi...
WordPress CM Tooltip Glossary Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)
Software: CM Tooltip Glossary; Type: Plugin; Vulnerable versions: <= 4.3.9; Fixed in: 4.3.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-48041; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8a6f9dafb4e1; Credits: Robert DeVore; Required privilege...
CVE-2024-43149 WordPress CM Tooltip Glossary Plugin <= 4.3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a through 4.3.7...
CVE-2024-6570 Glossary <= 2.2.26 - Unauthenticated Full Path Disclosure
The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due to the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated...
WordPress Glossary plugin <= 2.2.26 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Glossary versions <= 2.2.26...
PT-2024-37726 · WordPress · Glossary Plugin
Name of the Vulnerable Software and Affected Versions: Glossary plugin for WordPress versions up to, and including, 2.2.26. Description: The issue is due to the plugin utilizing wpdesk and not preventing direct access to the test files, along with display errors being enabled. This allows...
CVE-2024-4086
The CM Tooltip Glossary – Powerful Glossary Plugin for WordPress (CM Tooltip Glossary) CVE-2024-4086; affected versions up to 4.2.11. Description: Cross-Site Request Forgery due to missing/incorrect nonce validation when saving settings, enabling unauthenticated attackers to change or reset plugi...
CVE-2024-4086 CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery
The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to chan...
WordPress CM Tooltip Glossary Plugin <= 4.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CM Tooltip Glossary; Type: Plugin; Vulnerable versions: <= 4.2.11; Fixed in: 4.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4086; Patch priority: Low; CVSS severity: Low (4.3); PSID: 099499e9a7ab; Credits: Benedictus Jova...
Glossary <= 3.1.2 - Missing Authorization
Description: The Glossary plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to make us...
CVE-2023-24378 WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions...