Lucene search

1444 matches found

CNNVD
added 2025/12/23 12:0 a.m. | 2 views

WordPress plugin Premium Addons for Elementor cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

4.3 CVSS | 6.5 AI score | 0.0002 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/23 12:0 a.m. | 2 views

PT-2025-52732

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions prior to 4.11.54. Description: The Premium Addons for Elementor plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the insert inner templat...

4.3 CVSS | 6.3 AI score | 0.0002 EPSS
Exploits: 0 | References: 8
Patchstack
added 2025/12/22 11:50 p.m. | 2 views

WordPress Premium Addons for Elementor plugin <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template' vulnerability

Cross-Site Request Forgery via 'insert_inner_template' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Premium Addons for Elementor versions <= 4.11.53...

4.3 CVSS | 6.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Microsoft CVE
added 2025/12/17 9:1 a.m. | 3 views

RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert

...

5.5 CVSS | 5.4 AI score | 0.00066 EPSS
Exploits: 0
CVE
added 2025/12/15 2:25 p.m. | 5 views

CVE-2025-12900

The CVE-2025-12900 entry concerns the WordPress FileBird plugin (FileBird – WordPress Media Library Folders & File Manager) with a vulnerability in all versions up to 6.5.1. Root cause: missing authorization in ConvertController::insertToNewTable due to insufficient validation on a user-controlle...

4.3 CVSS | 5.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2025/12/09 4:9 a.m. | 3 views

CVE-2025-40333

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and print some kernel messages in th...

5.1 AI score | 0.00036 EPSS
Exploits: 0
EUVD
added 2025/12/08 3:31 a.m. | 3 views

EUVD-2025-201634

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: support mapping cb with vmalloc-backed coherent memory When IOMMU is enabled, dma_alloc_coherent with GFP_USER may return addresses from the vmalloc range. If such an address is mapped without VM_MIXEDMAP,...

5.9 AI score | 0.00028 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/12/05 3:27 p.m. | 2 views

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment...

6.2 CVSS | 7.5 AI score | 0.00019 EPSS
Exploits: 1 | References: 1
SUSE CVE
added 2025/12/05 12:25 a.m. | 1 views

SUSE CVE-2025-40264

In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrb_params in case of OS2BMC be_insert_vlan_in_pkt is called with the wrb_params argument being NULL at be_send_pkt_to_bmc call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific...

5.5 CVSS | 6.1 AI score | 0.00089 EPSS
Exploits: 0 | References: 21
CVE
added 2025/12/03 12:0 a.m. | 4 views

CVE-2025-62686

This CVE affects Plugin Alliance Installation Manager v1.4.0 on macOS, specifically the InstallationHelper service. The root cause is missing hardened runtime and a __RESTRICT segment, allowing local users to abuse the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potent...

6.2 CVSS | 7.2 AI score | 0.00019 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2025/11/25 8:15 a.m. | 9 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5 CVSS | 0.00021 EPSS
Exploits: 1 | References: 6
Cvelist
added 2025/11/25 7:28 a.m. | 15 views

CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5 CVSS | 0.00021 EPSS
Exploits: 1 | References: 6
Vulnrichment
added 2025/11/14 2:24 a.m. | 3 views

CVE-2025-12904 SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2 CVSS | 4.9 AI score | 0.00154 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/14 12:0 a.m. | 3 views

PT-2025-46934

Name of the Vulnerable Software and Affected Versions: SNORDIAN's H5PxAPIkatchu plugin for WordPress versions through 0.4.17. Description: The software is susceptible to Stored Cross-Site Scripting through the insert data API endpoint. Insufficient input sanitization and output escaping allow...

7.2 CVSS | 5.7 AI score | 0.00154 EPSS
Exploits: 0 | References: 5
GithubExploit
added 2025/11/10 9:26 a.m. | 220 views

Exploit for CVE-2025-64495

CVE-2025-64495-POC Open WebUI vulnerable to Stored DOM XSS via...

8.7 CVSS | 7.3 AI score | 0.00011 EPSS
Exploits: 2
Patchstack
added 2025/11/10 1:23 a.m. | 3 views

WordPress Insert Headers and Footers Code – HT Script plugin <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Headers and Footers Code – HT Script versions <= 1.1.6...

6.4 CVSS | 6 AI score | 0.00034 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/11/08 4:15 a.m. | 5 views

CVE-2025-12112

The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adding scripts in all versions up to, and including, 1.1.6 due to insufficient capability checks. This makes it possible for authenticated attackers, with Author-level access and...

6.4 CVSS | 0.00034 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/11/08 12:0 a.m. | 0 views

WordPress plugin Insert Headers and Footers Code – HT Script cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4 CVSS | 5.7 AI score | 0.00034 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/08 12:0 a.m. | 7 views

PT-2025-45547

Name of the Vulnerable Software and Affected Versions: Insert Headers and Footers Code – HT Script plugin for WordPress versions prior to 1.1.7. Description: The Insert Headers and Footers Code – HT Script plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs because of...

6.4 CVSS | 6.1 AI score | 0.00034 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/07 12:0 a.m. | 3 views

PT-2025-45527

Name of the Vulnerable Software and Affected Versions: Open WebUI versions 0.6.34 and below. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A stored DOM XSS issue exists in the functionality that inserts custom prompts into the chat...

8.7 CVSS | 7.4 AI score | 0.00011 EPSS
Exploits: 2 | References: 30