WordPress SiteSEO plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Broken Regex Expression vulnerability discovered by stealthcopter in WordPress Plugin SiteSEO versions = 1.2.7...

WordPress Injection Guard plugin < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] vulnerability

Reflected XSS via $SERVER'REQUESTURI' vulnerability discovered by Bob Matyas in WordPress Plugin Injection Guard versions 1.2.8...

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...