260 matches found
CVE-2026-5169 Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...
CVE-2026-5169
CVE-2026-5169 concerns the WordPress plugin “Inquiry Form to Posts or Pages” (versions
WordPress plugin Inquiry Form to Posts or Pages 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Inquiry form to posts or pages plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Form Header Field vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...
CVE-2026-4347
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generateuserfilepath' function and the 'movetempfiletouploaddir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...
Pegasystems Pega Robot Studio 安全漏洞
Pegasystems Pega Robot Studio is an RPA Robotic Process Automation integration development environment provided by Pegasystems Corporation in the United States. There is a security vulnerability in Pegasystems Pega Robot Studio. This vulnerability stems from the possibility of arbitrary file...
How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers
A pair of US lawmakers are calling for an investigation into how easily spies can steal information based on devices’ electromagnetic and acoustic leaks—a spying trick the NSA once codenamed TEMPEST...
CVE-2026-1589
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-1589
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-1589
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-1589 itsourcecode School Management System index.php sql injection
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-1589
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...
EUVD-2026-4987
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-1589
The CVE-2026-1589 entry affects itsourcecode School Management System 1.0. A SQL injection vulnerability exists in the /ramonsys/inquiry/index.php file, triggered by manipulating the txtsearch argument. This can be exploited remotely and has public disclosure. Affects an unknown function within t...
ITSsourcecode School Management System SQL Injection Vulnerability
itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “txtsearch” in the file...
WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Email Inquiry & Cart Options for WooCommerce versions = 3.4.3...
CVE-2026-24526
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...
CVE-2026-24526
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...
CVE-2026-24526 WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...
CVE-2026-24526 WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...