76 matches found
WordPress plugin PhotoStack Gallery SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-8089
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2006-1640
Malware in sbrugna...
EUVD-2007-1504
Malware in sbrugna...
EUVD-2010-4841
Malware in sbrugna...
EUVD-2021-11421
Malware in sbrugna...
EUVD-2008-1700
Malware in sbrugna...
EUVD-2012-5768
Malware in sbrugna...
EUVD-2022-15734
Malicious code in bioql PyPI...
CVE-2021-24509
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the...
CVE-2010-4876
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
CVE-2025-28400
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...
RuoYi 安全漏洞
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which can be exploited by a remote attacker to elevate privileges via the postID parameter...
CVE-2025-28400
CVE-2025-28400 affects RUoYi v4.8.0. A remote attacker can escalate privileges via the postID parameter in the edit method. Documented impact includes elevated privileges; CVSSv3.1 base score 6.7 (Medium). No explicit exploit details are provided in the connected documents. Remediation details ar...
CVE-2025-28400
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...
CVE-2025-28400
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...
CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
Sourcecodester Baby Care System SQL注入漏洞
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from the lack of validation of external input SQL in the /admin.php?id=posts & action=display & value=1 &...
CVE-2022-0640
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Pricing Table Builder 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...