2832 matches found
Rating by BestWebSoft < 0.2 - Cross-Site Scripting
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18530 info: name: Rating by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. impact: |...
CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9619
CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...
WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions = 1.1.4...
CVE-2026-42639
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
EUVD-2026-36815
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-42639
CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions
PT-2026-49441
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
libopenssl-3-devel-3.5.3-6.1 on GA media (moderate)
libopenssl-3-devel-3.5.3-6.1 on GA media Announcement ID: openSUSE-SU-2026:11023-1 Rating: moderate Cross-References: CVE-2026-34180 CVE-2026-34182 CVE-2026-34183 CVE-2026-42764 CVE-2026-42766 CVE-2026-42767 CVE-2026-42768 CVE-2026-42769 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447...
kernel-devel-7.0.12-1.1 on GA media (moderate)
kernel-devel-7.0.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:11014-1 Rating: moderate Cross-References: CVE-2026-46244 CVE-2026-46273 CVE-2026-46274 CVE-2026-46275 CVE-2026-46276 CVE-2026-46277 CVE-2026-46278 CVE-2026-46279 CVE-2026-46280 CVE-2026-46281 CVE-2026-46282 CVE-2026-46283...
postgresql-jdbc-42.7.11-1.1 on GA media (moderate)
postgresql-jdbc-42.7.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:11001-1 Rating: moderate Cross-References: CVE-2026-42198 CVSS scores: CVE-2026-42198 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...
Security update for java-17-openj9 (important)
openSUSE Security Update: Security update for java-17-openj9 Announcement ID: openSUSE-SU-2025:0067-1 Rating: important References: 1204468 1204471 1204472 1204473 1204475 1204480 1204703 1206549 1207246 1207248 1207922 1210628 1210631 1210632 1210634 1210635 1210636 1210637 1211615 1213470 12134...
CVE-2026-8910
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2026-8910
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2026-8910
The CVE refers to the WordPress plugin WP Emoticon Rating (versions
CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
EUVD-2026-35313
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
WordPress plugin WP Emoticon Rating 跨站请求伪造漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...