65 matches found
WordPress PrivateContent Free plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'align' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin PrivateContent Free versions = 1.2.0...
EUVD-2026-20431
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
CVE-2026-4025
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
CVE-2026-4025
CVE-2026-4025 affects the PrivateContent Free WordPress plugin (pre-1.2.0). The flaw is a Stored XSS in the [pc-login-form] shortcode via the align attribute, caused by insufficient sanitization and lack of escaping when the attribute flows from the shortcode to pc_static::form_align() and is con...
CVE-2026-4025 PrivateContent Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
CVE-2026-4025 PrivateContent Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
CVE-2026-4025
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
PT-2026-31286
Name of the Vulnerable Software and Affected Versions PrivateContent Free versions up to and including 1.2.0 Description The PrivateContent Free plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'align' shortcode attribute within the pc-login-form shortcode. This occu...
WordPress plugin PrivateContent Free 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-19981
Malicious code in bioql PyPI...
EUVD-2025-5442
Malicious code in bioql PyPI...
EUVD-2025-7726
Malicious code in bioql PyPI...
EUVD-2025-7725
Malicious code in bioql PyPI...
EUVD-2023-12621
Malicious code in bioql PyPI...
EUVD-2025-7724
Malicious code in bioql PyPI...
WordPress PrivateContent-Mail Actions File Inclusion Vulnerability
WordPress PrivateContent-Mail Actions is the name of the plugin or feature module for mail actions and member management. WordPress PrivateContent-Mail Actions suffers from a file inclusion vulnerability that stems from improper file inclusion control, which can be exploited by an attacker to cau...
CVE-2025-47627
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2...
CVE-2025-47627
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2...
CVE-2025-47627
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2...
CVE-2025-47627 WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2...