16 matches found
CVE-2026-3269
PSI Probe
CVE-2025-14364
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...
CVE-2025-14364
CVE-2025-14364 affects the WordPress Demo Importer Plus plugin (versions
drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
...
CVE-2024-5941
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers,...
WordPress plugin GiveWP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-37255 · WordPress · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 3.13.1 Description: The issue allows unauthorized modification of data due to a missing capability check on the handle request function. This makes it possible for...
CVE-2024-22086
handlerequest in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution...
PT-2024-19197 · Cherry · Cherry
Name of the Vulnerable Software and Affected Versions: cherry versions through 4b877df Description: The issue is related to a stack-based buffer overflow in the handle request function in http.c due to the use of sscanf with a long URI, which can lead to remote code execution. Recommendations: Fo...
Exploit for CVE-2023-45828
CVE-2023-45828 RumbleTalk Live Group Chat = 6.1.9 - Missin...
Directory traversal
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...
TokTok c-toxcore buffer error vulnerability
c-toxcore is a peer-to-peer serverless instant messenger designed to make security and privacy easier for the average user. A buffer error vulnerability in TokTok c-toxcore, which stems from a stack-based buffer overflow in the handlerequest function in DHT.c caused by improperly calculating the...
OpenWrt and LEDE Cross-Site Scripting Vulnerabilities
Both OpenWrt and LEDE are Linux operating systems for embedded devices. The systems are capable of providing fully writable file systems and package management. A cross-site scripting vulnerability exists in the 'cgihandlerequest' function in OpenWrt versions 18.06.1 and earlier and LEDE versions...
CVE-2018-19630
cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...
AsusWRT router/httpd/httpd.c file access bypass vulnerability
ASUS AsusWRT is a set of router operating systems from ASUS. A security vulnerability exists in the 'handlerequest' function of the router/httpd/httpd.c file in versions prior to ASUS AsusWRT 3.0.0.4.38410007. An attacker can exploit this vulnerability to execute a POST request...