59 matches found
CVE-2026-8707
The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2026-8624
The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-8626
The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-8626 SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter
The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-8626 SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter
The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-8624 LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter
The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-8624
The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-8624
The CVE-2026-8624 entry concerns the WordPress plugin “LJ comments import: reloaded” up to version 0.97.1. It is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitra...
PT-2026-42083
Name of the Vulnerable Software and Affected Versions SponsorMe versions prior to 0.5.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. This occurs when a user is tricked into clicking a crafted link. The...
PT-2026-42082
Name of the Vulnerable Software and Affected Versions LJ comments import: reloaded versions prior to 0.97.2 Description The LJ comments import: reloaded plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping...
Student-Management-System 代码注入漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the...
CVE-2026-1647
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
EUVD-2026-14173
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2026-1647 Comment Genius <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
PT-2026-26813
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
OPENSUSE-SU-2026:20361-1 Security update for osc, obs-scm-bridge
This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync...
CVE-2026-1634
The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1634
CVE-2026-1634 concerns the WordPress plugin Subitem AL Slider. Affected) versions are all up to and including 1.0.0, vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers could inject scripts i...
CVE-2026-1634
The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-6894
Name of the Vulnerable Software and Affected Versions Subitem AL Slider versions prior to 1.0.1 Description The Subitem AL Slider plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the $ SERVER'PHP...