
6 matches found

EUVD
added 2026/04/22 9:31 p.m. · 0 views

EUVD-2026-22868

The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field on the 'userhash'...

6.4 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2026/04/15 8:28 a.m. · 0 views

CVE-2026-4005

The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field on the 'userhash'...

6.4 CVSS · 5.7 AI score · 0.00014 EPSS
Exploits 0 · References 6
Positive Technologies
added 2026/04/15 12:0 a.m. · 1 views

PT-2026-33025

The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field on the 'userhash'...

6.4 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/02/12 12:0 a.m. · 3 views

PT-2025-6842 · Unknown · Code-Projects Real Estate Property Management System

Name of the Vulnerable Software and Affected Versions: code-projects Real Estate Property Management System version 1.0 Description: A critical vulnerability has been found in the code-projects Real Estate Property Management System. The issue affects an unknown functionality of the file /...

7.5 CVSS · 7.3 AI score · 0.00099 EPSS
Exploits 1 · References 9
Positive Technologies
added 2025/02/10 12:0 a.m. · 3 views

PT-2025-6117 · Unknown · Code-Projects Job Recruitment

Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical issue has been found in code-projects Job Recruitment. The manipulation of the userhash argument leads to SQL injection. It is possible to initiate the attack remotely. The iss...

7.5 CVSS · 7.3 AI score · 0.00088 EPSS
Exploits 1 · References 10
NVD
added 2019/08/09 5:15 p.m. · 11 views

CVE-2017-18486

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...

7.2 CVSS · 7.2 AI score · 0.01556 EPSS
Exploits 1 · References 4