26 matches found
JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution
Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution; Date: 2026-01-10; Exploit Author: Sardor Shoakbarov; Author GitHub: https://github.com/TheDeepOpc; Vendor Homepage: https://juzaweb.com/; Software Link: https://github.com/juzaweb/; CVE: N/A Pending; import requests import argparse...
EUVD-2017-6218
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-14721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. CVE-2017-14721 Note that Nessus relies on the...
CVE-2025-5421
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launche...
CVE-2025-5421 juzaweb CMS Plugin Editor Page editor access control
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launche...
CVE-2025-5421
CVE-2025-5421 affects juzaweb CMS up to version 3.4.2, targeting the Plugin Editor Page component at the file path /admin-cp/plugin/editor. The issue is described as improper access controls on a functionality whose exact behavior is not fully disclosed in the provided documents. The vulnerabilit...
CVE-2025-5421 juzaweb CMS Plugin Editor Page editor access control
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launche...
PT-2025-23441 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue has been found in the Plugin Editor Page component, specifically affecting some unknown functionality of the file /admin-cp/plugin/editor. This issue leads to improper access...
Juzaweb CMS Security Vulnerability
Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which stems from improper access control in the file /admin-cp/plugin/editor...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Title
The plugin does not sanitise and escape post/page Title, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks Create a post using the plugin editor and add the following payload in the Title: " The XSS will be triggered when editing the post again...
Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block
The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered when...
Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block
The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered whe...
FreeBSD : wordpress -- multiple issues (a48d4478-e23f-4085-8ae4-6b3a7b6f016b)
WordPress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before...
WordPress plugin editor cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation in the PHP language; it supports setting up a personal blog site on a server running PHP and MySQL. The plugin editor is one of its plugin editors. A cross-site scripting vulnerability exists in the plugin editor in...
UBUNTU-CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...
Cross site scripting
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...
DEBIAN-CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...
CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...
CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...