6 matches found
EUVD-2026-17397
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']
The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress plugin Smart Custom 404 Error Page Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
PT-2023-29248 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.17.1. Description: A Server-Side Request Forgery issue in the OpenID Connect Issuer allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter...
Open Redirect
rudloff/alltube is vulnerable to open redirect. An attacker can redirect users to malicious URLs through the REQUEST_URI parameter in index.php...
PT-2020-12318 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 13.0.0. Description: A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to...