Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...
CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title]
grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. As a result,...
CVE-2026-44737
Grav grav-plugin-admin is affected by an XSS in the /admin/pages/[page] endpoint, via data[header][title], reported before upgrading to 1.10.49.5. The vulnerability arises from improper validation/sanitization of the data[header][title] parameter, leading to an injected script being reflected in t...
Grav-Plugin-Admin Cross-Site Scripting Vulnerability
Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and sanitization of the...
CVE-2025-14907
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 source: https://www.exploi...
EUVD-2018-10713
Malware in sbrugna...
EUVD-2016-1896
Malware in sbrugna...
EUVD-2017-15163
Malware in sbrugna...
EUVD-2023-32286
Malicious code in bioql PyPI...
EUVD-2024-46691
Malicious code in bioql PyPI...
WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin Admin Menu Groups versions <= 0.1.2...
CVE-2023-28618
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions...
CVE-2023-5641
The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2021-3920
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2024-8854 Polls CP <= 1.0.75 - Admin+ Stored XSS via Custom Styles
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2024-12735 Advance Post Prefix <= 1.1.1 - Admin+ SQL Injection
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks...
CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2019-25223 Team Circle Image Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...