CVE-2026-2425

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress hiWeb Migration Simple plugin <= 2.0.0.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin hiWeb Migration Simple versions = 2.0.0.1...

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-2425

The WordPress plugin hiWeb Migration Simple (WordPress) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability via the new_domain parameter in all versions up to 2.0.0.1. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can lure an ad...

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

EUVD-2023-12786

Malicious code in bioql PyPI...

WordPress hiWeb Export Posts Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress hiWeb Export Posts, which stems from missing or incorrect random number validation, and can be exploited by a...

CVE-2025-7640 hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion

The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete...

PT-2025-30653 · WordPress · Hiweb Export Posts

Name of the Vulnerable Software and Affected Versions: hiWeb Export Posts plugin for WordPress versions up to and including 0.9.0.0 Description: The hiWeb Export Posts plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

WordPress plugin hiWeb Export Posts 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress hiWeb Export Posts, which stems from missing or incorrect random number validation, and can be exploited by a...

CVE-2023-0769

The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins...

CVE-2023-0769

The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins...

CVE-2023-0769

The CVE-2023-0769 entry concerns hiWeb Migration Simple WordPress plugin (

CVE-2023-0769 hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins...

PT-2024-11928 · WordPress · Hiweb Migration Simple

Name of the Vulnerable Software and Affected Versions: hiWeb Migration Simple WordPress plugin versions 2.0.0.1 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the pag...

WordPress hiWeb Migration Simple Plugin <= 2.0.0.1 is vulnerable to Cross Site Scripting (XSS)

Software hiWeb Migration Simple Type Plugin Vulnerable versions = 2.0.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0769 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 77c2c54b62e4 Credits Shreya Pohekar...

WordPress plugin hiWeb Migration Simple 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

hiweb cms background more permissions bypass-vulnerability warning-the black bar safety net

HIWEB is an entire Station management system, many schools in use this to take the station. But this cms background the presence of many of the permissions to bypass the problem. 1. http://xxxx/hiwebcms/system/USER/ You can directly see all the background user information 2...