CVE-2025-32573

KiotViet Sync WordPress plugin suffers an SQL Injection (CVE-2025-32573) due to improper neutralization of special elements in SQL commands. Affected: KiotViet Sync versions up to 1.8.3 (per CVE details); patched in 1.8.4+ per PatchStack entry. Impact: potential unauthorized data access/manipulat...

CVE-2025-28892 WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS.This issue affects FTP Sync: from n/a through = 1.1.6...

CVE-2024-13634

The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13634

CVE-2024-13634 concerns the WordPress plugin Post Sync (versions

CVE-2024-13634 Post Sync <= 1.1 - Reflected XSS

The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Post Sync plugin <= 1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Post Sync versions = 1.1...

WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin Database Sync versions = 0.5.1...

WordPress plugin User Sync ActiveCampaign 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVE-2024-11368

CVE-2024-11368 affects Splash Sync (WordPress) up to version 2.0.6. The vulnerability is a reflected Cross‑Site Scripting (XSS) caused by improper escaping in add_query_arg, enabling unauthenticated attackers to inject scripts into pages that a user visits after being tricked into performing an a...

WordPress Splash Sync plugin <= 2.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Splash Sync versions = 2.0.7...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WPPOOL Sheets To WP Table Live Sync plugin = 2.12.15 versions...

CVE-2023-26535 WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WPPOOL Sheets To WP Table Live Sync plugin = 2.12.15 versions...

com.openshift.jenkins:openshift-pipeline (>=1.0.22 <=1.0.57), io.fabric8.jenkins.plugins:openshift-sync (>=0.0.8 <=1.0.42) potentially affected by CVE-2018-1999040 via org.csanchez.jenkins.plugins:kubernetes (>=0.10 <=0.6)

org.csanchez.jenkins.plugins:kubernetes MAVEN version =0.10, =1.0.22, =0.0.8, =1.0.42 Source cves: CVE-2018-1999040 Source advisory: OSV:GHSA-FQG2-C97R-RQCJ...

389-ds:1.4 security and bug fix update

1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...