17 matches found
CVE-2025-54734
Missing Authorization vulnerability in bPlugins B Slider b-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through <= 1.1.30...
CVE-2025-54734 WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability
Missing Authorization vulnerability in bPlugins B Slider b-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through <= 1.1.30...
CVE-2025-8418 B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activatedplugin function. This makes it possible for authenticated attackers, with...
PT-2025-32631 · WordPress · B Slider- Gutenberg Slider Block
Name of the Vulnerable Software and Affected Versions: B Slider- Gutenberg Slider Block for WP plugin for WordPress versions up to and including 1.1.30. Description: The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to arbitrary plugin installation due to missing...
WordPress plugin LightBox Block cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
EnGenius EWS356-FIT security vulnerability
The EnGenius EWS356-FIT is an indoor wireless access point from EnGenius. A security vulnerability exists in the EnGenius EWS356-FIT version 1.1.30 and prior versions. A remote attacker could exploit the vulnerability to execute arbitrary operating system commands via the controller connection...
PT-2024-24330
Name of the Vulnerable Software and Affected Versions: EnGenius EWS356-FIT versions 1.1.30 and earlier. Description: The issue allows a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. This enables the attacker to gain unauthorized access and control over t...
CVE-2024-36061
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...
EnGenius EWS356-FIT security vulnerability
The EnGenius EWS356-FIT is an indoor wireless access point from EnGenius. A security vulnerability exists in the EnGenius EWS356-FIT version 1.1.30 and earlier. An attacker can exploit the vulnerability to execute arbitrary operating system commands via shell metacharacters to the Ping and Speed...
PT-2024-24329 · Engenius · Engenius Ews356-Fit +1
Name of the Vulnerable Software and Affected Versions: EnGenius EWS356-Fit versions 1.1.30 and earlier; EnGenius ESR580 versions 1.1.30 and earlier. Description: The issue allows a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable fie...
EnGenius ESR580 security vulnerability
The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 version 1.1.30 and earlier, which stems from a stored cross-site scripting flaw that allows remote attackers to conduct a stored cross-site scripting attack via the...
PT-2024-20508 · WordPress · Heateor Social Login
Name of the Vulnerable Software and Affected Versions: Heateor Social Login WordPress versions 1.1.30 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This can be exploited...
Malicious code in onetake (npm)
Source: ossf-package-analysis 52bec93f09b5dc6085214609ef35d8aaf2346d6e50e6a12e5304e16aa3493ae2 The OpenSSF Package Analysis project identified 'onetake' @ 1.1.30 npm as malicious. It is considered malicious because: - The package...
FlyteAdmin code issue vulnerability
FlyteAdmin is a control plane for Flyte open source. It is responsible for managing entities such as tasks, workflows, and startup plans, and for managing workflow execution. A code issue vulnerability exists in FlyteAdmin versions prior to 1.1.30, which stems from the fact that authenticated users using an...
libxslt: Multiple vulnerabilities
Background: libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description: Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact: A remote attacker, via ...
EasyCart 1.1.30 - 3.0.20 - Privilege Escalation
Due to a lack of validation in the ecajaxupdateoption and ecajaxclearalltaxrates functions located in /inc/admin/adminajaxfunctions.php, it is possible to update any WordPress option as an authenticated non-admin user, which can in turn lead to privilege escalation and remote code execution...