122 matches found
PT-2025-47264
Name of the Vulnerable Software and Affected Versions Download Panel plugin for WordPress versions up to and including 1.3.3 Description The Download Panel plugin for WordPress is susceptible to unauthorized settings modification. This is caused by a missing capability check on the 'wp ajax save...
EUVD-2025-84363
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...
CVE-2025-12416
Summary: The WordPress Pagerank Tools plugin (versions ≤ 1.1.5) contains a vulnerability where a stored Cross‑Site Scripting attack can be triggered via Cross‑Site Request Forgery. The root cause is missing nonce validation on the pr_save_settings() function and insufficient input sanitization, e...
CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...
WordPress TopBar plugin cross-site request forgery vulnerability
WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...
CVE-2025-10300
The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...
CVE-2025-10300
The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...
WordPress plugin TopBar 跨站请求伪造漏洞
WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...
EUVD-2020-29786
Malware in sbrugna...
EUVD-2024-32022
Malicious code in bioql PyPI...
CVE-2025-6778
A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/savesettings.php. The manipulation of the argument sitephone/siteemail/address leads to cross site scripting. It is possible to launch the...
CVE-2025-6778
CVE-2025-6778 affects code-projects Food Distributor Site 1.0. The vulnerability is an XSS in an unknown function of /admin/save_settings.php, triggered by manipulating the arguments site_phone, site_email, or address. It can be exploited remotely, and multiple sources indicate the exploit has be...
Code-Projects Food Distributor Site 代码注入漏洞
Code-Projects Food Distributor Site is a Code-Projects open source food distributor site. A code injection vulnerability exists in Code-Projects Food Distributor Site version 1.0, which originates from cross-site scripting due to incorrect operation of the parameters sitephone/siteemail/address i...
Traffic Offense Reporting System save-settings.php file cross-site scripting vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the sitename parameter in the save-settings.php file...
CVE-2025-5661
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...
CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...
CVE-2025-5661
CVE-2025-5661 affects code-projects Traffic Offense Reporting System 1.0, specifically the Setting Handler’s save-settings.php. The vulnerability arises from improper handling of the site_name (or “site name”) parameter, leading to cross-site scripting (XSS). It can be exploited remotely, and pub...
CVE-2024-27559
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery CSRF via the component /savesettings.php...
CVE-2024-7285
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=savesettings. The manipulation of the argument name leads to cross site scripting. The attack can ...
CVE-2023-3408
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...