
114 matches found

RedhatCVE
added 2026/05/18 7:59 p.m. | 6 views

CVE-2025-67031

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

CVSS 6.3 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/20 6:31 p.m. | 1 view

CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

CVSS 8.1 | AI score 6.6 | EPSS 0.00505
Exploits: 0 | References: 5
ATTACKERKB
added 2026/04/04 1:51 p.m. | 2 views

CVE-2018-25252

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP...

CVSS 6.9 | AI score 6.1 | EPSS 0.00048
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/04/04 12:00 a.m. | 5 views

PT-2026-30372

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP...

CVSS 6.9 | AI score 6.1 | EPSS 0.00048
Exploits: 1 | References: 5
EUVD
added 2026/03/25 7:52 p.m. | 2 views

EUVD-2026-14494

AVideo vulnerable to Stored XSS via htmlentitydecode Reversing xssesc Sanitization in Channel About Field...

CVSS 5.4 | AI score 5.8 | EPSS 0.00041
Exploits: 1 | References: 3
Cvelist
added 2026/01/28 11:23 a.m. | 32 views

CVE-2026-0844 Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

CVSS 8.8 | EPSS 0.00079
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/26 5:43 p.m. | 2 views

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '' to execute arbitrary JavaScript when the profile is viewed by other users...

CVSS 6.4 | AI score 6 | EPSS 0.00052
Exploits: 0 | References: 3
CVE
added 2026/01/14 12:00 a.m. | 6 views

CVE-2025-63644

CVE-2025-63644 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, specifically in the user profile Description field. The CVE entry lists CVSS v3.1 details: AV:N, AC:L, PR:L, UI:R, S:C, C:L/I:L, A:N with a base score of 5.4 (Medium). The root cause is a vulnerability in the Description ...

CVSS 5.4 | AI score 5.3 | EPSS 0.00016
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/14 12:00 a.m. | 30 views

CVE-2025-63644

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

EPSS 0.00016
Exploits: 1 | References: 2
Vulnrichment
added 2025/12/17 6:21 p.m. | 2 views

CVE-2025-13217 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

CVSS 6.4 | AI score 4.7 | EPSS 0.00031
Exploits: 0 | References: 3
CVE
added 2025/12/17 6:21 p.m. | 14 views

CVE-2025-13217

CVE-2025-13217 is an authenticated Stored XSS in Ultimate Member for WordPress, triggered via the YouTube video URL field in profile-related input. The issue arises from insufficient input sanitization and output escaping in um_profile_field_filter_hook__youtube_video(), allowing Subscrib...

CVSS 6.4 | AI score 4.7 | EPSS 0.00031
Exploits: 0 | References: 3
Cvelist
added 2025/12/17 6:21 p.m. | 26 views

CVE-2025-13217 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value'

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

CVSS 6.4 | EPSS 0.00031
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-18402

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00181
Exploits: 4 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-18608

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00181
Exploits: 4 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-17806

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00219
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-18614

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00181
Exploits: 5 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-7067

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00137
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-13113

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00211
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-0835

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2014-9095

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.00431
Exploits: 0 | References: 10