11 matches found
CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2024-38635 · WordPress · Media Library Folders
Name of the Vulnerable Software and Affected Versions: Media Library Folders plugin for WordPress versions up to, and including, 8.2.3. Description: The issue is related to missing capability checks on several AJAX functions in the media-library-plus.php file. This allows authenticated attackers...
MyBB Code Injection Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is scalable. A code injection vulnerability exists in MyBB versions prior to 1.8.29, which allows an attacker to...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17370)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language version 9...
iScripts UberforX Cross-Site Request Forgery Vulnerability
iScripts UberforX is an open source e-commerce solution from iScripts USA. The solution has features such as inventory management, payment gateway support, and hole-in-the-ground application support. Admin Panel is one of the admin panels. A cross-site request forgery vulnerability exists in the...
iScripts UberforX Cross-Site Scripting Vulnerability
iScripts UberforX is an open source e-commerce solution from iScripts USA. The solution has features such as inventory management, payment gateway support, and hole-in-the-ground application support. Admin Panel is one of the admin panels. A cross-site scripting vulnerability exists in the...
Cross site scripting
iScripts UberforX 2.2 has Stored XSS in the "managesettings" section of the Admin Panel via a value field to the /cms?section=managesettings&action=edit URI...
CVE-2018-10137
iScripts UberforX 2.2 has CSRF in the "managesettings" section of the Admin Panel via the /cms?section=managesettings&action=edit URI...
CVE-2018-10136
iScripts UberforX 2.2 has Stored XSS in the "managesettings" section of the Admin Panel via a value field to the /cms?section=managesettings&action=edit URI...
CVE-2018-10137
CSRF in iScripts UberforX 2.2 Admin Panel: the issue is in the manage_settings section exposed at /cms?section=manage_settings&action=edit. CVSS3 base score 8.8 (HIGH); attack vector NETWORK, user interaction REQUIRED, impacts on C/I/A HIGH. No exploitation details are provided in the documents; ...
iScripts Socialware - 'id' SQL Injection
iScripts SocialWare SQL Injection Vulnerability. Discovered By: t0pP8uZz. Discovered On: 8 April 2008. SITE...