Lucene search

16 matches found

NVD
added 2026/05/01 12:16 p.m. · 1 views

CVE-2026-3772

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

8.8 CVSS · 0.00026 EPSS
Exploits: 0 · References: 4

EUVD
added 2026/05/01 11:18 a.m. · 1 views

EUVD-2026-26497

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

8.8 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/06/04 5:12 a.m. · 11 views

CVE-2025-5429

A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been...

6.5 CVSS · 7 AI score · 0.002 EPSS
Exploits: 1 · References: 1

CVE
added 2025/06/02 4:31 a.m. · 45 views

CVE-2025-5429

Juzaweb CMS (versions up to 3.4.2) contains a vulnerability in the Plugins Page, specifically the /admin-cp/plugin/install endpoint. The issue is described as improper access controls that can be triggered remotely, enabling unauthorized access. Multiple connected sources corroborate the vulnerab...

6.5 CVSS · 6.5 AI score · 0.002 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/06/02 4:31 a.m. · 5 views

CVE-2025-5429 juzaweb CMS Plugins Page install access control

A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been...

6.5 CVSS · 7 AI score · 0.002 EPSS
Exploits: 1 · References: 4

OSV
added 2024/07/30 6:15 p.m. · 8 views

CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

4.7 CVSS · 7.2 AI score
Exploits: 0 · References: 1

CVE
added 2024/07/30 12:0 a.m. · 54 views

CVE-2024-41305

WonderCMS v3.4.3 contains a Server-Side Request Forgery (SSRF) in the Plugins Page disclosed across multiple sources. The vulnerability arises from unvalidated input in the pluginThemeUrl parameter, enabling an attacker to coerce the application into making arbitrary outgoing requests. Impact det...

7.1 CVSS · 7.4 AI score · 0.00084 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/30 12:0 a.m. · 3 views

PT-2024-29352 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3. Description: A Server-Side Request Forgery (SSRF) issue in the Plugins Page allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.1 CVSS · 7.4 AI score · 0.00084 EPSS
Exploits: 1 · References: 6

Cvelist
added 2024/07/30 12:0 a.m. · 12 views

CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

0.00084 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/07/30 12:0 a.m. · 2 views

WonderCMS Security Vulnerability

WonderCMS is a PHP-based open source content management system (CMS) from WonderCMS. A server-side request forgery vulnerability exists in WonderCMS version 3.4.3, which stems from a failure to properly validate user input in the Plugins Page, and can be exploited by an attacker to force the...

7.1 CVSS · 6.8 AI score · 0.00084 EPSS
Exploits: 1 · References: 2

CNNVD
added 2023/10/09 12:0 a.m. · 1 views

Piwigo Cross-Site Scripting Vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A cross-site scripting vulnerability exists in Piwigo versions prior to 4.0.0beta4, which stems from a security issue in the...

9.3 CVSS · 6.1 AI score · 0.06242 EPSS
Exploits: 1 · References: 3

NVD
added 2021/01/13 9:15 p.m. · 19 views

CVE-2020-35578

An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands...

9 CVSS · 6.9 AI score · 0.85202 EPSS
Exploits: 7 · References: 4

OSV
added 2019/08/08 8:15 p.m. · 0 views

CVE-2019-14680

The admin-renamer-extended aka Admin renamer extended plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF...

5.7 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits: 1 · References: 2

Prion
added 2015/06/17 6:59 p.m. · 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the exclmanual parameter in the xclonershow page to wpadmin/plugins.php...

3.5 CVSS · 5.8 AI score · 0.00179 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. · 21 views

Netscape Communicator 4.06/4.5/4.6/4.51/4.61 EMBED Buffer Overflow Vulnerability

No description provided by source. / source: http://www.securityfocus.com/bid/618/info In several versions of Netscape Communicator, there is an unchecked buffer in the code that handles EMBED tags. The buffer is in the 'plugins page' option. This vulnerability can be exploited by a malicious...

7.1 AI score
Exploits: 0

exploitpack
added 1999/09/02 12:0 a.m. · 8 views

Netscape Communicator 4.06/4.5/4.6/4.51/4.61 - EMBED Buffer Overflow

Netscape Communicator 4.06/4.5/4.6/4.51/4.61 - EMBED Buffer Overflow / source: https://www.securityfocus.com/bid/618/info In several versions of Netscape Communicator, there is an unchecked buffer in the code that handles EMBED tags. The buffer is in the 'plugins page' option. This vulnerability can ...

0.3 AI score
Exploits: 0