8322 matches found

vulnersOsv
added 2025/05/07 3:27 p.m. · 9 views

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=6.1.7) +12 more potentially affected by unknown CVE via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.1.8)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: unknown CVE Source advisory: OSV:GHSA-Q9Q2-3PPX-MWQF...

5.8 AI score
Exploits 0
NVD
added 2025/05/07 3:16 p.m. · 8 views

CVE-2025-47481

Improper Control of Generation of Code 'Code Injection' vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Code Injection. This issue affects GS Testimonial Slider: from n/a through <= 3.2.9...

5.3 CVSS · 0.00297 EPSS
Exploits 0 · References 1
Cvelist
added 2025/05/07 2:19 p.m. · 28 views

CVE-2025-47481 WordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Code Injection. This issue affects GS Testimonial Slider: from n/a through <= 3.2.9...

5.3 CVSS · 0.00297 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/05/07 12:0 a.m. · 4 views

RockyLinux 8 : gstreamer1-plugins-base (RLSA-2024:3088)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3088 advisory. gstreamer-plugins-base: heap overwrite in subtitle parsing (CVE-2023-37328). Tenable has extracted the preceding description block directly from the RockyLinux...

8.8 CVSS · 6.8 AI score · 0.01812 EPSS
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/05/06 6:3 a.m. · 2 views

Malicious code in flush-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3721f875a277a2305e20b7d4a4dab350ce0ab60ce48c711a1bbb1301b461981 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2025/05/06 6:3 a.m. · 1 views

MAL-2025-3621 Malicious code in flush-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3721f875a277a2305e20b7d4a4dab350ce0ab60ce48c711a1bbb1301b461981 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
CBLMariner
added 2025/05/05 3:9 p.m. · 10 views

CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8

CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8. A patched version of the package is available...

6.5 CVSS · 6.8 AI score · 0.0045 EPSS
Exploits 0
OSV
added 2025/05/02 4:15 a.m. · 3 views

CVE-2024-13420

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated...

4.3 CVSS · 5.8 AI score · 0.002 EPSS
Exploits 0 · References 2
NVD
added 2025/05/02 4:15 a.m. · 8 views

CVE-2024-13418

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

8.8 CVSS · 0.00595 EPSS
Exploits 0 · References 2
NVD
added 2025/05/02 4:15 a.m. · 14 views

CVE-2024-13419

Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...

6.4 CVSS · 0.00164 EPSS
Exploits 0 · References 2
OSV
added 2025/05/02 4:15 a.m. · 2 views

CVE-2024-13418

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

8.8 CVSS · 6.4 AI score · 0.00595 EPSS
Exploits 0 · References 2
Cvelist
added 2025/05/02 3:21 a.m. · 13 views

CVE-2024-13418 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

8.8 CVSS · 0.00595 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/05/02 3:21 a.m. · 13 views

CVE-2024-13418 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

8.8 CVSS · 8.8 AI score · 0.00595 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/05/02 3:21 a.m. · 8 views

CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated...

4.3 CVSS · 4.4 AI score · 0.002 EPSS
Exploits 0 · References 2
CVE
added 2025/05/02 3:21 a.m. · 62 views

CVE-2024-13420

CVE-2024-13420 is documented as a vulnerability in the WordPress ecosystem where the Smart Framework family (Beyot Framework, Benaa Framework, Auteur Framework, April Framework) suffers from missing authorization checks on AJAX actions (e.g., gsf_reset_section_options, gsf_create_preset_options)....

4.3 CVSS · 4.4 AI score · 0.002 EPSS
Exploits 0 · References 2 · Affected Software 4
Cvelist
added 2025/05/02 3:21 a.m. · 20 views

CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated...

4.3 CVSS · 0.002 EPSS
Exploits 0 · References 2
CVE
added 2025/05/02 3:21 a.m. · 61 views

CVE-2024-13419

CVE-2024-13419 affects WordPress plugins/themes that use Smart Framework. The issue is a missing capability check in saveOptions() and importThemeOptions(), enabling authenticated users with Subscriber-level access or higher to update plugin/theme settings and inject custom JavaScript that runs s...

6.4 CVSS · 5.8 AI score · 0.00164 EPSS
Exploits 0 · References 2 · Affected Software 4
CNNVD
added 2025/05/02 12:0 a.m. · 4 views

WordPress plugin April Framework, Auteur Framework, Benaa Framework and Beyot Framework security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS · 8.1 AI score · 0.00164 EPSS
Exploits 0 · References 3
CNNVD
added 2025/05/02 12:0 a.m. · 3 views

Multiple WordPress products: code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL, and the...

8.8 CVSS · 8.5 AI score · 0.00595 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/05/01 12:0 a.m. · 5 views

PT-2025-18355 · WordPress · Product Grid +6

Name of the Vulnerable Software and Affected Versions: The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress versions up to, and including, 2.4.1 Description: The issue is related to...

4.3 CVSS · 5.5 AI score · 0.00167 EPSS
Exploits 0 · References 10