15 matches found

Positive Technologies
added 2025/12/21 12:0 a.m. · 2 views

PT-2025-52575

Name of the Vulnerable Software and Affected Versions: Live Composer – Free WordPress Website Builder plugin versions prior to 2.0.3. Description: The Live Composer – Free WordPress Website Builder plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input...

CVSS 7.5 · AI score 6.7 · EPSS 0.0004
Exploits 0 · References 12
OSV
added 2025/12/05 6:19 p.m. · 1 views

GHSA-4QG8-FJ49-PXJH Sigstore Timestamp Authority allocates excessive memory during request parsing

Impact: Excessive memory allocation. Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string...

CVSS 7.5 · AI score 6.8 · EPSS 0.00019
Exploits 0 · References 4
Positive Technologies
added 2025/10/27 12:0 a.m. · 2 views

PT-2025-43824

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Konstantin Pankratov Date counter date-counter allows Stored XSS. This issue affects Date counter: from n/a through = 2.0.3...

CVSS 6.5 · AI score 6 · EPSS 0.0003
Exploits 0 · References 2
Vulnrichment
added 2025/06/09 3:53 p.m. · 5 views

CVE-2025-48141 WordPress Multi CryptoCurrency Payments <= 2.0.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3...

CVSS 9.3 · AI score 7.9 · EPSS 0.00232
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 5:28 a.m. · 2 views

CVE-2023-25458

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin = 2.0.3 versions...

CVSS 5.9 · AI score 5.2 · EPSS 0.00207
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:43 p.m. · 4 views

CVE-2021-37463

In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored)...

CVSS 5.4 · AI score 6.1 · EPSS 0.00206
Exploits 1 · References 1
CNNVD
added 2025/04/01 12:0 a.m. · 2 views

WordPress plugin Salesmate Add-On for Gravity Forms SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress...

CVSS 9.3 · AI score 9.2 · EPSS 0.00148
Exploits 0 · References 2
CNNVD
added 2025/03/31 12:0 a.m. · 2 views

Drupal Email TFA security vulnerability

Drupal Email TFA is a Drupal community module that provides email-based two-factor authentication functionality for Drupal. A security vulnerability exists in Drupal Email TFA versions prior to 2.0.3, which stems from weak authentication and could lead to brute force exploits...

CVSS 8.8 · AI score 6.8 · EPSS 0.00164
Exploits 0 · References 1
OSV
added 2025/03/14 7:54 p.m. · 5 views

GHSA-VHV4-FH94-JM5X JS Html Sanitizer allows XSS when used with contentEditable

Impact: XSS vulnerability when the sanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. Patches: Patched in version 2.0.3...

CVSS 6.9 · AI score 6.8 · EPSS 0.00163
Exploits 0 · References 4
CNNVD
added 2024/07/06 12:0 a.m. · 2 views

WordPress plugin Responsive Image Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.3 · AI score 6.8 · EPSS 0.0006
Exploits 0 · References 2
OSV
added 2024/06/08 1:15 p.m. · 1 views

CVE-2024-35750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2023/11/16 12:0 a.m. · 1 views

PT-2023-30476 · WordPress · Star Cloudprnt For Woocommerce

Name of the Vulnerable Software and Affected Versions: Star CloudPRNT for WooCommerce plugin versions = 2.0.3. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, potentially...

CVSS 7.1 · AI score 6.3 · EPSS 0.00193
Exploits 0 · References 3
OSV
added 2023/05/10 2:15 p.m. · 2 views

CVE-2022-34855

Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1
OSV
added 2021/07/25 9:15 p.m. · 2 views

CVE-2021-37466

In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected)...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 2
Japan Vulnerability Notes
added 2011/03/02 8:27 a.m. · 2 views

Multiple Things CGI products vulnerable to cross-site scripting

Overview: Multiple CGI products provided by Things contain a cross-site scripting vulnerability. BBS and BBS Thread provided by Things are bulletin board software. BBS and BBS Thread contain a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...

CVSS 4.3 · AI score 6.1 · EPSS 0.00475
Exploits 0 · References 10