CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

EUVD-2026-31024

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-37888

The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin’s open link functionality. Remediation per source...

PT-2024-27812 · Ckeditor · Ckeditor Open Link Plugin

Name of the Vulnerable Software and Affected Versions: CKEditor Open Link plugin versions prior to 1.0.5 Description: The issue allows execution of JavaScript code by abusing the link href attribute. It affects users of the Open Link plugin. Recommendations: For versions prior to 1.0.5, update to...

PT-2024-40468 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.4 Description: The issue allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link href and retryURL...

CVE-2019-1010113

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

DEBIAN-CVE-2012-0908

Cross-site scripting XSS vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...

HTML Email Creator 2.1b668 - html Local Overwrite (SEH)

/ :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered and Exploited by dun HTML Email Creator or or 520 | | NOPs jmp 11 pop-pop-ret NOPs shellcode NOPs 56 4 4 40 343 73 Greetz: suN8Hclf, str0ke...