CVE-2026-30701

The CVE covers the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The vulnerability arises from hardcoded credential disclosure mechanisms implemented via Server Side Includes on multiple pages (e.g., login.shtml, settings.shtml) that dynamically retrieve and expose the web administratio...

EUVD-2016-1862

Malware in sbrugna...

BIT-MYBB-2021-43281

MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed o...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

WordPress Popup Builder 跨站脚本漏洞

WordPress Popup Builder is a WordPress open source application. Increase conversions and drive sales while achieving marketing goals. Popup Builder suffers from a cross-site scripting vulnerability that stems from the vulnerability of all subscriber settings pages to cross-site scripting...

CVE-2016-10867

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages...

CVE-2016-10867

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages...

PT-2019-7663 · WordPress · All-In-One-Wp-Security-And-Firewall

Name of the Vulnerable Software and Affected Versions: all-in-one-wp-security-and-firewall plugin versions prior to 4.0.6 Description: The issue concerns a cross-site scripting XSS problem in the settings pages of the plugin. Recommendations: For versions prior to 4.0.6, update to version 4.0.6 o...