9473 matches found
CVE-2025-13988
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
WordPress Complag plugin <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Complag versions = 1.0.2...
EUVD-2025-203008
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-203006
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-202976
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
CVE-2025-13988
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
CVE-2025-14138
CVE-2025-14138 : WPLG Default Mail From (WordPress) is vulnerable to Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] in all versions up to 1.0.0. Affected: WordPress plugin WPLG Default Mail From; exploitation possible by tricking an authenticated? no—un/authenticated user? The descriptio...
CVE-2025-14137 Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14132 Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14132 Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14132
The CVE-2025-14132 entry refers to the WordPress plugin Category Dropdown List. It is a Reflected Cross-Site Scripting vulnerability exploitable via the PHP_SELF variable in all versions up to 1.0, due to insufficient input sanitization/output escaping. The Wordfence detail lists an affected prod...
CVE-2025-13988
CVE-2025-13988 refers to the WordPress plugin 评论小秘书 (Comments Secretary). It is a Reflected Cross‑Site Scripting vulnerability via the $_SERVER['PHP_SELF'] variable in all versions up to and including 1.3.2, caused by insufficient input sanitization and output escaping on the plugin’s settings pa...
CVE-2025-13988 评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
CVE-2025-14129 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14129 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2025-50842
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable in the plugin's settings page. This...
PT-2025-50852
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2025-50856
The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
PT-2025-50855
The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2025-2484)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash...