2845 matches found
Rating by BestWebSoft < 0.2 - Cross-Site Scripting
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18530 info: name: Rating by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. impact: |...
CVE-2026-57771
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...
CVE-2026-57771 WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...
CVE-2026-57771
CVE-2026-57771 concerns the WordPress plugin for Milan Petrovic’s GD Rating System. Connected sources confirm the vulnerability as a SQL Injection flaw in the GD Rating System plugin, affecting versions up to 3.7 (<=3.7). The root cause is improper neutralization of inputs used in SQL commands...
WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin GD Rating System versions = 3.7...
CVE-2026-12560
The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-12560
The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-40251
The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-12560
The Editorial Rating – Product Review & Rating System plugin for WordPress (versions up to 4.0.5) is vulnerable to Stored Cross-Site Scripting via the Link URL field due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level access can store a pay...
Security update for distribution (important)
openSUSE security update: security update for distribution ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21084-1 Rating: important References: bsc1265429 bsc1265788 bsc1266049 bsc1266629 Cross-References: CVE-2026-33814 CVE-2026-39821 CVE-2026-398...
WordPress Editorial Rating – Product Review & Rating System plugin <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Editorial Rating – Product Review & Rating System versions = 4.0.5...
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
CVE-2026-9619
CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...
CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions = 1.1.4...
CVE-2026-42639
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-42639
CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions
CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
EUVD-2026-36815
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...