CVE-2026-44366

Vvveb CMS before version 1.0.8.1 is affected by a Stored XSS in the comment submission flow. An unauthenticated user can submit an author field on any public post page, which is stored without sanitization and later rendered unsanitized in two sinks. The issue is fixed in version 1.0.8.1. Remedia...

EUVD-2026-30588

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

CVE-2026-44366

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

CVE-2026-34429

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the oEmbedProxy operation in the editor/editor...

EUVD-2024-45899

Malicious code in bioql PyPI...

PT-2024-35252 · Unknown · Stephen Cui Xin

Name of the Vulnerable Software and Affected Versions: Stephen Cui Xin versions n/a through 1.0.8.1 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This is a weakness in the software that can be exploited. Recommendations: For versions n/a...

WordPress WP Setup Wizard Plugin <= 1.0.8.1 is vulnerable to Sensitive Data Exposure

Software WP Setup Wizard Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-25917 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5a05aed5e6cb Credits Dave Jong Patchstack...

CVE-2024-0791

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm functions in all versions up to, and...

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...

CVE-2022-2462

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tphistory' AJAX action and insufficient restriction on the data...

CVE-2022-2461

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

CVE-2022-2461

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

PT-2022-17238 · WordPress · Transposh Wordpress Translation Plugin

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1 Description: The issue allows unauthorized setting changes by unauthenticated users due to insufficient validation of settings on the 'tp translation' AJAX action...

WordPress plugin Transposh WordPress Translation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2022-16766 · WordPress · Transposh Wordpress Translation Plugin

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1 Description: The issue is related to insufficient permissions checking on the 'tp history' AJAX action and insufficient restriction on the data returned in the...

PT-2022-16758

Name of the Vulnerable Software and Affected Versions Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1 Description The issue is due to insufficient permissions checking on the 'tp translation' AJAX action and default settings, making it possible for unauthenticated...

CVE-2022-29307

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copylangcontent in application/models/langmodel.php...