CVE-2025-39601 WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...

CVE-2025-39601

The CVE-2025-39601 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WPFactory Custom CSS, JS & PHP. A CSRF flaw in versions n/a through 2.4.1 allows Remote Code Inclusion (RCE). The issue affects Custom CSS, JS & PHP versions n/a–2.4.1. The risk is rated h...

PT-2025-16621 · WordPress · Wpfactory Custom Css

Name of the Vulnerable Software and Affected Versions: WPFactory Custom CSS, JS & PHP versions n/a through 2.4.1 Description: A Cross-Site Request Forgery CSRF issue allows Remote Code Inclusion. This is a critical issue that can be exploited remotely. Recommendations: For versions n/a through...

CVE-2025-32642

Cross-Site Request Forgery CSRF vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Coupon: from n/a through = 1.0.9...

CVE-2025-32642

Cross-Site Request Forgery CSRF vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Coupon: from n/a through = 1.0.9...

CVE-2025-32642 WordPress Vite Coupon plugin <= 1.0.9 - CSRF to Remote Code Execution (RCE) vulnerability

Cross-Site Request Forgery CSRF vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Coupon: from n/a through = 1.0.9...

WordPress plugin Vite Coupon 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

PT-2025-15810 · Unknown · Vite Coupon

Name of the Vulnerable Software and Affected Versions: Vite Coupon versions 1.0.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Remote Code Inclusion. This means an attacker can potentially execute malicious code on a remote server, which could...

CVE-2025-30580

Improper Control of Generation of Code 'Code Injection' vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image Editor: from n/a through = 1.10...

CVE-2025-30841

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through = 2.8.8...

CVE-2025-30841

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through = 2.8.8...

CVE-2025-30580

Improper Control of Generation of Code 'Code Injection' vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image Editor: from n/a through = 1.10...

CVE-2025-30841

CVE-2025-30841 (Countdown & Clock, WordPress plugin) is a path traversal flaw that enabled authenticated remote code execution (RCE) in versions up to 2.8.8. The issue affected Countdown, Coming Soon, Maintenance – Countdown & Clock and has been marked patched by the vendor/security sources; publ...

CVE-2025-1534

CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...

CVE-2025-1534

CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...

CVE-2025-1534 Cross-site Scripting (Stored)

CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...

CVE-2025-1534 Cross-site Scripting (Stored)

CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...

CVE-2025-1534

CVE-2025-1534 affects Payara Server (Payara Platform) with a vulnerability in input handling during web page generation that enables cross-site scripting and remote code inclusion. Affected versions are: Payara Server 4.1.2.1919.1 before 4.1.2.191.51; 5.20.0 before 5.68.0; 6.0.0 before 6.23.0; 6....

Payara Server 安全漏洞

Payara Server is a cloud-native, innovative, open source middleware platform from Payara UK. A security vulnerability exists in Payara Server that stems from improper input neutralization leading to cross-site scripting and remote code inclusion. The following versions are affected: versions prio...

PT-2025-14390 · Digiwidgets · Digiwidgets Image Editor

Name of the Vulnerable Software and Affected Versions: DigiWidgets Image Editor versions 1.10 and earlier Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Remote Code Inclusion. This means that an attacker could potentiall...