WordPress plugin Wishlist Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Coinbase Commerce for Contact Form 7 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter operations in the function saveSettings within the file...

CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

CVE-2026-33765 Pi-hole Web Interface has a Command Injection Vulnerability

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

Pi-hole Web Interface 操作系统命令注入漏洞

The Pi-hole Web Interface is an open-source dashboard web interface developed by Pi-hole. Versions of the Pi-hole Web Interface prior to version 6 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the webtheme parameter in the savesettings.ph...

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2025-14630

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

CVE-2025-14630

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2025-12481

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

EUVD-2025-197964

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

The vulnerability of the saveSettings() function in the settings.php script of the NetAlert X intrusion notification network infrastructure allows a intruder to execute arbitrary code.

The vulnerability of the saveSettings function in the settings.php script of the NetAlert X intrusion notification network infrastructure is related to the failure to take measures to neutralize special elements used in the command due to lack of authentication. Exploiting this vulnerability can...

Seraphinite Alternative Slugs Manager < 1.4 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the saveSettings functionality. This makes it possible for unauthenticated attackers to update the plugins settings via a forged reques...

Command Injection

Nginx-ui is vulnerable to Remote Command Injection. The vulnerability is caused due a lack of proper authorization checks in the SaveSettings function. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure...

Cross site scripting

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

WordPress Plugin DELUCKS SEO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...