CVE-2026-1923

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Code-Projects Chat System 注入漏洞

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetchmember.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

College Management System SQL注入漏洞

College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to the university. College Management System version 1.0 has a SQL injection vulnerability that stems from a SQL injection...

SourceCodester Best Courier Management System Cross-Site Scripting Vulnerability

Best Courier Management System is a courier management system by Mayuri K. Individual developer. A cross-site scripting vulnerability exists in SourceCodester Best Courier Management System version 1.0, which stems from a parameter id in the file manageparcelstatus.php that causes cross-site...

Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. Online Tours & Travels Management System suffers from a SQL injection vulnerability, which stems from an incorrect manipulation of the parameter id leading to sql injection...

Online Leave Management System SQL注入漏洞

Sourcecodester Online Leave Management System is an online leave management system. A security vulnerability exists in Online Leave Management System v1.0, which originates from a SQL injection vulnerability in /maintenance/manageleavetype.php via the id parameter...