
35 matches found

RedhatCVE
added yesterday · 4 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in check...

4.3 CVSS · 5.5 AI score · 0.00035 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/05/21 12:00 a.m. · 6 views

PT-2026-42549

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1 Description: A Cross-Site Request Forgery (CSRF) token validation bypass exists where the local_available_update.php view emits a token via $token->output('do_update'), but the do_update function in...

8.8 CVSS · 5.7 AI score · 0.00027 EPSS
Exploits 0 · References 4
EUVD
added 2026/05/05 6:31 a.m. · 7 views

EUVD-2026-27185

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2 CVSS · 6 AI score · 0.00137 EPSS
Exploits 0 · References 7
Vulnrichment
added 2026/05/05 3:37 a.m. · 3 views

CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2 CVSS · 6 AI score · 0.00137 EPSS
Exploits 0 · References 6
Positive Technologies
added 2026/05/05 12:00 a.m. · 2 views

PT-2026-36966

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with ...

7.2 CVSS · 6 AI score · 0.00137 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2026/04/27 2:26 a.m. · 1 views

CVE-2026-7106

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personal_options_update action accessible by any...

8.8 CVSS · 5.2 AI score · 0.00063 EPSS
Exploits 0 · References 9
RedhatCVE
added 2026/01/09 11:35 a.m. · 2 views

CVE-2021-41870

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files...

8.8 CVSS · 7.1 AI score · 0.00706 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/10/16 8:00 a.m. · 2 views

CVE-2025-41021 Stored Cross-Site Scripting (XSS) vulnerability in Sergestec's Exito

Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...

5.1 CVSS · 4.6 AI score · 0.00033 EPSS
Exploits 0 · References 1
OSV
added 2025/09/04 12:15 p.m. · 0 views

CVE-2025-41049

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...

5.4 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits 0 · References 1
OSV
added 2025/07/30 8:15 p.m. · 0 views

CVE-2025-52187

GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in myprofileupdateform1.php...

8.2 CVSS · 5.8 AI score · 0.00186 EPSS
Exploits 2 · References 3
CNNVD
added 2025/07/30 12:00 a.m. · 1 views

Get Projects School Management System security vulnerability

Get Projects School Management System is an open source school management system software from Get Projects. A security vulnerability exists in Get Projects School Management System version 1.0, which originates from cross-site scripting in myprofileupdateform1.php...

8.2 CVSS · 6 AI score · 0.00186 EPSS
Exploits 2 · References 3
OSV
added 2024/05/23 6:15 a.m. · 2 views

CVE-2024-5239

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated...

6.5 CVSS · 6.5 AI score · 0.00213 EPSS
Exploits 1 · References 4
Cvelist
added 2024/05/23 6:00 a.m. · 12 views

CVE-2024-5239 Campcodes Complete Web-Based School Management System timetable_update_form.php sql injection

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated...

6.5 CVSS · 6.8 AI score · 0.00213 EPSS
Exploits 1 · References 4
CNNVD
added 2024/05/15 12:00 a.m. · 1 views

Campcodes Complete Web-Based School Management System SQL injection vulnerability

Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from an SQL injection vulnerability in the exam...

6.5 CVSS · 6.9 AI score · 0.00213 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/05/15 12:00 a.m. · 2 views

PT-2024-33332 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the exam argument leads to SQL...

6.5 CVSS · 7.2 AI score · 0.00213 EPSS
Exploits 1 · References 6
OSV
added 2024/05/14 3:44 p.m. · 3 views

CVE-2024-4686

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack m...

6.1 CVSS · 3.7 AI score
Exploits 0 · References 4
CNNVD
added 2024/05/14 12:00 a.m. · 2 views

Campcodes Complete Web-Based School Management System cross-site scripting vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from a cross-site scripting vulnerability in...

6.1 CVSS · 4.5 AI score · 0.00296 EPSS
Exploits 1 · References 6
Vulnrichment
added 2024/05/09 8:31 p.m. · 12 views

CVE-2024-4686 Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack m...

5.3 CVSS · 6.2 AI score · 0.00296 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/05/08 12:00 a.m. · 2 views

PT-2024-32009 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A problem was found in the system. It affects some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std...

6.1 CVSS · 4.1 AI score · 0.00181 EPSS
Exploits 1 · References 9
OSV
added 2024/05/06 2:15 a.m. · 3 views

CVE-2024-4513

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack...

6.1 CVSS · 3.8 AI score · 0.00078 EPSS
Exploits 1 · References 4