16 matches found
PT-2026-49463
Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...
CVE-2026-2028
The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...
WordPress Petje.af plugin <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability
Cross-Site Request Forgery to Account Deletion via 'petjeafdisconnect' AJAX Action vulnerability discovered by theviper17y in WordPress Plugin Petje.af versions = 2.1.8...
CVE-2025-11960
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aryom Software High Technology Systems Inc. KVKNET allows Reflected XSS. This issue affects KVKNET: before 2.1.8...
EUVD-2023-53407
Malicious code in bioql PyPI...
CVE-2025-58790
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPKube Kiwi kiwi-social-share allows Stored XSS.This issue affects Kiwi: from n/a through = 2.1.8...
CVE-2025-31819
CVE-2025-31819 is a Cross-Site Scripting (XSS) vulnerability in Nova Blocks by Pixelgrade. The issue affects Nova Blocks versions up to 2.1.8 (and possibly earlier n/a ranges per entry). Root cause is improper neutralization of user-controlled input during web page generation, enabling injection ...
WordPress XTRA Settings plugin <= 2.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin XTRA Settings versions = 2.1.8...
WordPress Kognetiks Chatbot for WordPress plugin <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification vulnerability
Cross-Site Request Forgery to Authenticated Subscriber+ Assistant Modification vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Kognetiks Chatbot for WordPress versions = 2.1.8...
PT-2024-13034 · Allterco · Shelly Trv
Name of the Vulnerable Software and Affected Versions: Shelly TRV version 2.1.8 Description: The issue allows a local attacker to obtain the Wi-Fi password due to cleartext transmission during the initial setup. Recommendations: For Shelly TRV version 2.1.8, update to a version that addresses the...
DoraCMS Cross-Site Scripting Vulnerability (CNVD-2023-9750397)
DoraCMS is a software application. Based on Nodejs+eggjs+mongodb to write a content management system . A cross-site scripting XSS vulnerability exists in DoraCMS version v2.1.8. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially crafted HTML or image fi...
CVE-2020-10044
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device...
allianceauth (>=2.1.0 <=2.1.1), beanstalk-dispatch (>=0.0.3 <=0.0.5) +214 more potentially affected by CVE-2019-11358 via django (>=2.0.0 <=2.1.8)
django PYPI version =2.0.0, =2.1.0, =0.0.3, =0.1.0, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =1.1.0, =1.2.1 and more Source cves: CVE-2019-11358 Source advisory: OSV:GHSA-6C3J-C64M-QHGQ...
e107 Cross-Site Request Forgery Vulnerability (CNVD-2018-17620)
e107 is an open source, free and PHP and MySQL based Content Management System CMS developed by the e107 team. The system supports a variety of plug-ins and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A cross-site request forgery...