21 matches found
CVE-2026-6728
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...
DRUPAL-CONTRIB-2025-118
The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...
CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...
EUVD-2020-17481
Malware in sbrugna...
DRUPAL-CONTRIB-2025-097
The Layout Builder Advanced Permissions module enables you to have fine grained control over who can do what in editing pages built with Layout Builder. The module doesn't sufficiently control access for adding sections in the submodule. This vulnerability is mitigated by the fact that an attacke...
CVE-2024-0615
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to...
CVE-2024-0615 Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to...
PT-2024-15691 · WordPress · The Content Control – The Ultimate Content Restriction Plugin
Name of the Vulnerable Software and Affected Versions: The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress versions up to, and including, 2.1.0 Description: The plugin is vulnerable to Sensitive Information Exposur...
Nexus PHP Access Control Error Vulnerability
NexusPHP is a free and open source complete PT site building solution. NexusPHP is vulnerable to an access control error that could be exploited by attackers to access published content...
CVE-2020-24771
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content...
NexusPHP Security Vulnerability
NexusPHP is a free and open source complete PT site building solution. NexusPHP is vulnerable to an access control error that could be exploited by attackers to access published content...
PT-2022-8695 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP version 1.5.beta5.20120707 Description: The issue is related to incorrect access control, allowing unauthorized attackers to access published content. Recommendations: For NexusPHP version 1.5.beta5.20120707, consider restricting...
PT-2021-15909 · WordPress · Jetpack
Name of the Vulnerable Software and Affected Versions: JetPack WordPress plugin versions prior to 9.8 Description: A security issue was found in the Jetpack Carousel module, which allows users to create image galleries and comment on images. This issue, discovered by nguyenhg vcs, enables the...
SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability (CNVD-2019-34407)
SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2 and 4.3. The vulnerability stems from the product's...
Debian DSA-4532-1 : spip - security update
It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 4532-1] spip security update
Debian Security Advisory DSA-4532-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 25, 2019 https://www.debian.org/security/faq -...
DEBIAN-CVE-2019-16391
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...
CVE-2019-16391
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...
Code injection
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...
CVE-2018-10917
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...