27 matches found
CVE-2025-13625 WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
EUVD-2025-201383
The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13512
CVE-2025-13512 : CoSign Single Signon (WordPress plugin)
PT-2025-49219
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2025-13513 Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2025-49005
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
RivetTracker 跨站脚本漏洞
RivetTracker is a modified version of PHPBTracker by Azizul Hakimi Mohd Yussuf Izzudin, a personal developer. RivetTracker suffers from a cross-site scripting vulnerability that stems from unknown handling, where manipulation of the parameter $SERVER PHPSELF results in cross-site scripting...