EUVD-2026-20099

The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

PT-2026-31091

Name of the Vulnerable Software and Affected Versions The Whole Enquiry Cart for WooCommerce plugin for WordPress versions up to and including 1.2.1 Description The Whole Enquiry Cart for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the woowhole success m...

WordPress plugin Whole Enquiry Cart for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blogs on servers based on PHP and MySQL. Woocommerce is one of the e-commerce plugins. WP Fastest Cache is a...

CVE-2025-13993

The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formdescription' and 'successmessage' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13993 MailerLite – Signup forms (official) <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formdescription' and 'successmessage' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2025-203071

The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formdescription' and 'successmessage' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13993

CVE-2025-13993 - MailerLite – Signup forms (official) plugin for WordPress is affected up to version 1.7.16. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the parameters form_description and success_message caused by insufficient input sanitization and output escaping. Exploi...

PT-2025-50911

The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form description' and 'success message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-47913

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

EUVD-2021-31872

Malicious code in bioql PyPI...

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getSuccessMessage field in the embedded message form container. An attacker can execute arbitrary JavaScript in the context of the affected application by submitting crafted input to this field. Details...

WordPress plugin Contact Form 7 Hide Success Message security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

verbb/formie Server-Side Template Injection for variable-enabled settings

Impact Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This is listed as low-medium severity due to...

CVE-2024-35191 verbb/formie Server-Side Template Injection for variable-enabled settings

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or renderi...

CVE-2024-35191

CVE-2024-35191 affects the verbb/formie Craft CMS plugin. Before version 2.1.6, users who can access a form’s settings could insert malicious Twig code into fields that support Twig (e.g., Submission Title or Success Message). The injected Twig could be executed when a submission is created or wh...

CVE-2024-35191 verbb/formie Server-Side Template Injection for variable-enabled settings

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or renderi...

PT-2024-26371 · Formie · Formie

Name of the Vulnerable Software and Affected Versions: Formie versions prior to 2.1.6 Description: The issue allows users with access to a form's settings to include malicious Twig code into fields that support Twig, such as the Submission Title or the Success Message. This code will then be...

GLSA-202405-08 : strongSwan: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-08 strongSwan: Multiple Vulnerabilities - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger...

SUSE CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...