65 matches found
PT-2026-28625
Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The YPTWallet Stripe payment confirmation page directly outputs the $_REQUEST['plugin'] parameter into a JavaScript block without proper encoding or...
CVE-2009-4231
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter...
EUVD-2012-4853
Malware in sbrugna...
EUVD-2019-16335
Malware in sbrugna...
EUVD-2008-4692
Malware in sbrugna...
EUVD-2005-0572
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-6896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users...
CVE-2023-0087
The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2016-10751
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload...
CVE-2024-11688
CVE-2024-11688 is a reflected XSS in the WordPress LaTeX2HTML plugin. The vulnerability allows unauthenticated attackers to inject scripts via the ver or date parameters on pages that render the attack, affecting all versions up to and including 2.5.5. Connected Red Hat and other sources corrobor...
emlog Code Injection Vulnerability
emlog is a PHP- and MySQL-based CMS site-building system from the individual developer emlog. A code injection vulnerability exists in emlog Pro 2.4.1 and earlier versions, which originates from a cross-site scripting attack due to manipulation of the filter parameter in the /admin/plugin.php file...
EazyDocs < 2.3.6 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Plugin Delete Me Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Gumroad <= 3.1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-1465 WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...
Active Directory Integration / LDAP Integration < 3.6.95 - Reflected Cross-Site Scripting
The plugin does not escape the testusername parameter before outputting it back in the settings page, leading to a Reflected Cross-Site Scripting issue. PoC...
UBUNTU-CVE-2019-6777
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter...
Directory traversal
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as...
DEBIAN-CVE-2016-10148
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to...
CVE-2016-6896
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as...