44 matches found
CVE-2026-12154
The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pageid' shortcode attribute of the fbrev shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-12154 Reviews Widgets for Google, Yelp & TripAdvisor <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_id' Shortcode Attribute
The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pageid' shortcode attribute of the fbrev shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-12154
The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pageid' shortcode attribute of the fbrev shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-12154
The CVE concerns the WordPress plugin Reviews Widgets for Google, Yelp & TripAdvisor (fb-reviews-widget)
CVE-2026-10096
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
CVE-2026-10096 Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
EUVD-2015-0566
Malware in sbrugna...
EUVD-2014-9067
Malware in sbrugna...
EUVD-2022-2882
Malicious code in bioql PyPI...
CVE-2023-31940
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the pageid parameter at articleedit.php...
CVE-2024-11713
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...
CVE-2023-31940
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the pageid parameter at articleedit.php...
CVE-2023-31940
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the pageid parameter at articleedit.php...
CVE-2023-31940
CVE-2023-31940 affects Online Travel Agency System v1.0, with a SQL injection vulnerability in article_edit.php via the page_id parameter. The issue enables a remote attacker to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. Several lin...
Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
GHSA-PFRC-5HHQ-6HVR Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
CVE-2018-19620
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
CVE-2018-19620
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
Code injection
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
ShowDoc Annotation Editing Vulnerability
ShowDoc is an online document sharing tool. A security vulnerability exists in ShowDoc version 2.4.1. A remote attacker can exploit the vulnerability to modify a user's notes with a modified 'pageid' parameter...