37 matches found
CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
CVE-2019-12361
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page...
Foxit PDF Editor Security Vulnerability
Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor that stems from improperly sanitized input in the page template feature, which could lead to stored cross-site scripting...
Cross-site Scripting (XSS)
Overview: Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...
EUVD-2019-3996
Malware in sbrugna...
EUVD-2022-45207
Malicious code in bioql PyPI...
CVE-2025-43805
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when users attempt to view a display page template, which allows remote attackers to view display page...
CVE-2025-43805
CVE-2025-43805 affects Liferay Portal 7.3.0 through 7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA up to update 92, and 7.3 GA up to update 35, where the system fails to perform an authorization check when viewing a display page template. This allows an unauthenticated, remote a...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-38085
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 and 2023.Q4.0; Liferay Portal 7.4 GA through update 92; Liferay Portal 7.3 GA through update 35. Description: The software does not perform an...
CVE-2023-50372
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1...
WordPress plugin Add custom page template Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Add custom...
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations
Impact: A user that doesn't have programming rights can execute arbitrary code when creating a page using the Migration Page template. A possible attack vector is the following: Create a page and add the following content: confluencepro.job.question.advanced.input=/html async async="true"...
CVE-2025-27603 XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations
XWiki Confluence Migrator Pro helps admins to import Confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0...
CVE-2025-27603
CVE-2025-27603 affects the XWiki Confluence Migrator Pro — a tool used to import Confluence packages into XWiki. The issue arises from an unescaped translation when creating a page with the Migration Page template, allowing a user lacking programming rights to execute arbitrary code. The vulnerab...
CVE-2023-50372
CVE-2023-50372 affects the WordPress plugin Custom Post Type Page Template (
WordPress Plugin Custom Post Type Page Template Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...