28 matches found
CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...
CVE-2025-15396
The Library Viewer WordPress plugin (before 3.2.0) is vulnerable to Reflected Cross-Site Scripting due to inadequate sanitisation/escaping of certain parameters, potentially impacting high-privilege users (e.g., admins). Affected product/version: Library Viewer WordPress plugin
CVE-2025-1798
The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks...
CVE-2025-11779
Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...
EUVD-2021-11254
Malware in sbrugna...
CVE-2025-8282
CVE-2025-8282 affects the SureForms WordPress plugin prior to 1.9.1. The issue is an input sanitization/escaping flaw in parameters output on pages, enabling stored Cross‑Site Scripting (XSS) for admin and higher-privilege users. Impact is admin users could inject malicious scripts into pages ren...
CVE-2021-24849
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
CVE-2025-1798
CVE-2025-1798 is an unauthenticated stored XSS in Design Comuni Italia WordPress Theme prior to 1.1.2, caused by unescaped/sanitised parameters in output, enabling stored XSS. Affected: Design Comuni Italia Theme (
PT-2025-1986 · WordPress · Dental Optimizer Patient Generator App
Name of the Vulnerable Software and Affected Versions: Dental Optimizer Patient Generator App WordPress plugin versions 1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the pag...
CVE-2024-11107
The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
My Calendar < 3.4.24 - Authenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin PoC 1. Use any type of role as long as you permit it the action to Add Events. 2. Add...
PT-2024-15222 · WordPress · Meris
Name of the Vulnerable Software and Affected Versions: Meris WordPress theme versions 1.1.2 and earlier Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the theme does not properly sanitise and escape certain parameters before outputting them back in the...
WooCommerce PDF Invoice Builder < 1.2.104 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Peter’s Custom Anti-Spam < 3.2.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
FooGallery < 2.3.2 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
AcyMailing SMTP Newsletter < 8.6.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Contact Form Generator < 2.6.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-13959 · WordPress · Superio
Name of the Vulnerable Software and Affected Versions: Superio WordPress theme affected versions not specified Description: The issue concerns the Superio WordPress theme, which does not properly sanitise and escape certain parameters. This could allow users with a role as low as a subscriber to...
PT-2022-24842 · WordPress · Buddybadges
Name of the Vulnerable Software and Affected Versions: buddybadges WordPress plugin versions 1.0.0 and earlier Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by...
CVE-2022-2958
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...