4 matches found
PT-2025-31256 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo versions 13.8.0 and below Description: Piwigo versions 13.8.0 and below are vulnerable to SQL Injection in the parameters max level and min register. These parameters are used in the ws user gerList function from the file includews...
WordPress plugin Front End Users cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
CVE-2018-20508
CrashFix 1.0.4 has SQL Injection via the Userstatus parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search function...