CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2024-1663
CVE-2024-1663 affects the WordPress plugin Ultimate Noindex Nofollow Tool II (versions before 1.3.6). The issue is a lack of sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact is a...
CVE-2024-0852
coreActivity: Activity Logging plugin for WordPress (prior to 1.8.1) is vulnerable to unauthenticated Stored XSS due to insufficient escaping of certain request data when rendering in the admin logs dashboard. The issue allows an unauthenticated attacker to craft input that could execute JavaScri...
CVE-2023-7230
CVE-2023-7230 affects the WordPress plugin illi Link Party! (versions
CVE-2023-7229
CVE-2023-7229 affects the illi Link Party! WordPress plugin (versions
CVE-2023-7228
CVE-2023-7228 affects the WordPress plugin illi Link Party! (vuln:
CVE-2023-7197
CVE-2023-7197 affects Marketing Twitter Bot WordPress plugin (
CVE-2023-7195
CVE-2023-7195 affects the WP-Reply Notify WordPress plugin (v
CVE-2023-7196
CVE-2023-7196 affects the WordPress plugin Ultimate Noindex Nofollow Tool (versions
CVE-2023-7088
CVE-2023-7088 affects the WordPress plugin Add SVG Support for Media Uploader (inventivo) up to version 1.0.5. The issue is that uploaded SVGs are not sanitized, allowing stored XSS via SVGs and enabling impact for users with as little as Author privileges. Publicly provided connected documents c...
CVE-2023-6783
CVE-2023-6783 concerns the WolfNet IDX for WordPress plugin (
CVE-2023-6541
The CVE-2023-6541 entry concerns the WordPress Allow SVG plugin prior to 1.2.0, where uploaded SVGs are not sanitized, enabling stored XSS via SVG payloads uploaded by users with as little as Author privileges. Impact is cross-site scripting with low to moderate severity per sources; remediation:...
CVE-2023-5932
The CVE-2023-5932 issue concerns the WordPress plugin Travelpayouts: All Travel Brands in One Place, affected in versions prior to 1.1.14. The root cause is that a parameter is not properly sanitized/escaped before being echoed back in the page, enabling a Reflected Cross-Site Scripting (XSS) att...
CVE-2023-5529
Affected software: Advanced Page Visit Counter WordPress plugin, prior to version 8.0.6. Root cause: plugin does not sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact: admin-level Stored X...
Alibaba Cloud Linux 3 : 0032: java-11-openjdk (ALINUX3-SA-2021:0032)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0032 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-2163: RESERVED This candidate has been...
Alibaba Cloud Linux 3 : 0030: gzip (ALINUX3-SA-2022:0030)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0030 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1271: RESERVED This candidate has been...
Alibaba Cloud Linux 3 : 0174: libksba (ALINUX3-SA-2022:0174)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0174 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-3515: RESERVED This candidate has been...
CVE-2022-21546
CVE-2022-21546 is a Linux kernel vulnerability affecting the SCSI target path. The issue arises in target_core_iblock/file when handling WRITE_SAME commands if the NDOB bit is set (NDOB indicates no data buffer) or when zero SG elements are sent. The kernel patch adds a common WRITE_SAME check fo...
PT-2025-18181 · Ribbon Communications · Apollo 9608
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to an uncontrolled search path element, which can lead to security problems. Recommendations: At the moment, there is no information about a newer version that contains ...
CVE-2023-32197
The CVE-2023-32197 issue is an improper privilege management vulnerability in SUSE Rancher involving RoleTemplate objects when external=true is set, enabling privilege escalation in certain scenarios. Affected versions include Rancher 2.7.0–2.7.13 and 2.8.0–2.8.4 (fixed in 2.7.14 and 2.8.5). The ...