EUVD-2025-204786

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through 15.2...

CVE-2025-68548 WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through = 15.2...

CVE-2025-68548 WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through = 15.2...

WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions = 15.2...

PT-2025-52748

Name of the Vulnerable Software and Affected Versions Responsive Posts Carousel Pro versions through 15.2 Description An issue exists in WebCodingPlace Responsive Posts Carousel Pro that allows for Stored Cross-site Scripting XSS. This occurs due to improper neutralization of input during web pag...

WordPress plugin Responsive Posts Carousel Pro 跨站脚本漏洞

...

WordPress Google AdSense for Responsive Design – GARD plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Google AdSense for Responsive Design GARD versions = 2.23...

CVE-2025-14721

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-14721

CVE-2025-14721 affects the WordPress plugin Responsive and Swipe Slider . It exposes a Stored Cross-Site Scripting (XSS) vulnerability via the plugin’s rsSlider shortcode in all versions up to and including 1.0.2, due to insufficient input sanitization and output escaping on user-supplied attribu...

CVE-2025-14721 Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Responsive and Swipe slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Responsive and Swipe slider plugin <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bhumividh Treloges in WordPress Plugin RESPONSIVE AND SWIPE SLIDER! versions = 1.0.2...

CVE-2025-14711

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVE-2025-14697

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...

CVE-2025-14694 ketr JEPaaS readAllPostil sql injection

A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...

CVE-2025-14520

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

EUVD-2025-202880

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has bee...

CVE-2025-14520

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

CVE-2025-14259

The CVE-2025-14259 issue affects Jihai Jshop MiniProgram Mall System 2.9.0, specifically a SQL injection in /index.php/api.html through manipulation of the cat_id parameter. The vulnerability can be exploited remotely and a public exploit exists. Several connected sources corroborate the existenc...

CVE-2025-14094

A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendo...