WordPress JS Archive List <= 6.1.5 - SQL Injection

Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...

Odoo Apps - Cross-Site Scripting via Prototype Pollution

jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction. id: CVE-2021-20086 info: name: Odoo Apps - Cross-Site Scriptin...

WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion

WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree. id: CVE-2017-1000170 info: name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion author: dwisiswant0 severity: high...

WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

WordPress Enable jQuery Migrate Helper plugin <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade vulnerability

Missing Authorization to Authenticated Subscriber+ jQuery Version Downgrade vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Enable jQuery Migrate Helper versions = 1.4.1...

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

EUVD-2026-32099

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

CVE-2026-3279

The CVE concerns the Enable jQuery Migrate Helper plugin for WordPress. A missing capability check in the downgrade_jquery_version() function (present in all versions up to 1.4.1) allows authenticated attackers with Subscriber-level access or higher to downgrade the site-wide jQuery from 3.7.1 to...

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

PT-2026-43545

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgrade jquery version function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

WordPress plugin Enable jQuery Migrate Helper 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress jQuery googleslides plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin jQuery googleslides versions = 1.3...

Astra Linux - уязвимость в jquery

In jQuery, starting from version 1.12.0 and before 3.5.0, passing HTML from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

Astra Linux - уязвимость в jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...

Astra Linux - уязвимость в jquery

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

Astra Linux - уязвимость в jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS...

Astra Linux - уязвимость в jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position utility from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treat...