168 matches found
CVE-2026-4004
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callback_search function and insufficient input validation that allows shortcode syntax...
CVE-2026-4004 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'task_id' Parameter
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callback_search function and insufficient input validation that allows shortcode syntax...
CVE-2026-4004
CVE-2026-4004 affects the WordPress Task Manager plugin up to version 3.0.2. The vulnerability stems from missing capability checks in the callback_search() function and insufficient input validation that lets shortcode syntax (square brackets) pass through sanitize_text_field() and be concatenat...
PT-2026-26868
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callback_search function and insufficient input validation that allows shortcode syntax...
CVE-2009-4989
Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action...
EUVD-2006-2571
Malware in sbrugna...
EUVD-2007-5618
Malware in sbrugna...
EUVD-2008-1462
Malware in sbrugna...
EUVD-2009-4951
Malware in sbrugna...
EUVD-2007-3792
Malware in sbrugna...
EUVD-2008-4067
Malware in sbrugna...
EUVD-2008-2774
Malware in sbrugna...
EUVD-2008-3772
Malware in sbrugna...
EUVD-2007-1098
Malware in sbrugna...
CVE-2022-37044
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine...
CVE-2008-6879
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
PT-2022-23767 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 Description: The issue concerns a reflected XSS in the /h/search?action API endpoint, which accepts parameters called extra, title, and onload that are partially sanitized. This allows for the...
GHSA-PMFX-P95X-CG4P Alkacon OpenCms XSS via query parameter in a search action
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on a PHP and MySQL server. Jannah is an open source WordPress plugin. The WordPress Jannah plugin before 5.4.5 suffers from a...