43 matches found
WordPress Custom PHP Settings plugin <= 2.3.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Custom PHP Settings versions <= 2.3.1...
EUVD-2026-10105
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...
CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...
WordPress Easy PHP Settings plugin <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability
Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Easy PHP Settings versions <= 1.0.4...
WordPress plugin Easy PHP Settings code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2002-0942
Malware in sbrugna...
CVE-2024-41347
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php...
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...
VulnCheck KEV: CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings...
OpenFlights security vulnerability
OpenFlights is a tool by individual developer Jani Patokallio that maps flights around the world. A security vulnerability exists in OpenFlights version 5234b5b, which stems from a cross-site scripting (XSS) vulnerability via php/settings.php...
PT-2024-29365
Name of the Vulnerable Software and Affected Versions: openflights commit 5234b5b. Description: The issue is related to Cross-Site Scripting (XSS) via the php/settings.php file. This allows for potential malicious script execution. No information is provided about the estimated number of affected...
Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure
The uscesdownloadsysteminformation AJAX action of the plugin did not have a capability check in place, allowing any authenticated user, such as a subscriber, to export data including WordPress settings, active/inactive themes and plugins along with their versions, Welcart general settings and payment...
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities
WHM.AutoPilot Multiple Vulnerabilities. Vendor: Benchmark Designs, LLC; Product: WHM.AutoPilot; Version: = 2.4.6.5; Website: http://www.whmautopilot.com/; BID: 12119; CVE: CVE-2004-1420 CVE-2004-1421 CVE-2004-1422; OSVDB: 12693 12694 12695 12696 12697...
Multiple vulnerabilities in Joomla-Base
Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is a package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...
Information disclosure - ownCloud
Due to the inclusion of the Amazon SDK testing suite, an unauthenticated attacker is able to gain additional information about the server, including: the PHP version, the cURL version, and information on whether the following functions/modules are available: SimpleXML, DOM, SPL, JSON, PCRE, File System Read/Wri...
Server: Information disclosure
Due to the inclusion of the Amazon SDK testing suite, an unauthenticated attacker is able to gain additional information about the server, including: the PHP version, the cURL version, and information on whether the following functions/modules are available: SimpleXML, DOM, SPL, JSON, PCRE, File System Read/Wri...