254 matches found

CNNVD
added 2026/05/16 12:0 a.m., 5 views

WordPress plugin theme Wibar cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/26 1:19 p.m., 0 views

CVE-2018-25277 PixGPS 1.1.8 Buffer Overflow Denial of Service

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denia...

CVSS 6.9 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 3
CNNVD
added 2026/04/26 12:0 a.m., 5 views

PixGPS security vulnerability

PixGPS is an image geolocation marking tool developed by PixGPS Inc., based on positioning technology. Version 1.1.8 of PixGPS contains a security vulnerability. This vulnerability arises from a buffer overflow when submitting excessively long strings in the folder path input field. This could all...

CVSS 6.9 | AI score 6.1 | EPSS 0.00017
Exploits: 0 | References: 1
Cvelist
added 2026/03/25 4:15 p.m., 22 views

CVE-2026-32504 WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion. This issue affects VintWood: from n/a through <= 1.1.8...

CVSS 8.1 | EPSS 0.00172
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/25 4:15 p.m., 0 views

CVE-2026-32504 WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion. This issue affects VintWood: from n/a through <= 1.1.8...

AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 4:15 p.m., 1 view

CVE-2026-32504

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion. This issue affects VintWood: from n/a through <= 1.1.8...

AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 2
CNNVD
added 2026/03/25 12:0 a.m., 4 views

WordPress plugin VintWood security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.1 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 1
Patchstack
added 2026/03/20 8:45 p.m., 4 views

WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme VintWood versions <= 1.1.8...

CVSS 8.1 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | Affected Software: 1
Nuclei
added 2026/02/07 12:3 a.m., 7 views

WordPress List Site Contributors < 1.1.8 - Reflected XSS

WordPress List Site Contributors plugin 1.1.8 contains a reflected XSS caused by insufficient sanitization and escaping of the 'alpha' parameter, letting unauthenticated attackers inject scripts; exploitation requires user interaction. id: CVE-2026-0594 info: name: WordPress List Site Contributors 1.1...

CVSS 6.1 | AI score 5.2 | EPSS 0.01708
Exploits: 1 | References: 2
NVD
added 2026/02/06 9:15 a.m., 7 views

CVE-2026-1499

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the process_add_site AJAX action combined with path traversal in the file upload functionality. This...

CVSS 8.8 | EPSS 0.00434
Exploits: 0 | References: 8
Patchstack
added 2026/02/06 6:14 a.m., 3 views

WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability

Authenticated Subscriber+ Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions <= 1.1.8...

CVSS 9.8 | AI score 5.3 | EPSS 0.00434
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/02/06 12:0 a.m., 2 views

PT-2026-6691

Name of the Vulnerable Software and Affected Versions: WP Duplicate versions up to and including 1.1.8. Description: The WP Duplicate plugin for WordPress is susceptible to a missing authorization issue, leading to arbitrary file upload. This occurs because of a missing capability check on the proce...

CVSS 9.8 | AI score 6.2 | EPSS 0.00434
Exploits: 0 | References: 17
CNNVD
added 2026/02/05 12:0 a.m., 1 view

Hrsale cross-site request forgery vulnerability

Hrsale is a human resources management system written in PHP, developed by the Hrsale team. Version 1.1.8 of Hrsale contains a cross-site request forgery vulnerability. This vulnerability stems from the existence of cross-site request forgery, which may lead to the addition of unauthorized...

CVSS 5.1 | AI score 5.7 | EPSS 0.00007
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/23 2:29 p.m., 2 views

CVE-2026-24603

Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8...

CVSS 5.3 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/23 12:0 a.m., 2 views

PT-2026-4437

Name of the Vulnerable Software and Affected Versions: themebeez Universal Google Adsense and Ads manager versions through 1.1.8. Description: An issue exists in themebeez Universal Google Adsense and Ads manager related to incorrectly configured access control security levels, allowing for missing...

CVSS 5.3 | AI score 5.3 | EPSS 0.00015
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/15 6:21 a.m., 6 views

CVE-2026-0594

The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | AI score 5.6 | EPSS 0.01708
Exploits: 1 | References: 1
Patchstack
added 2026/01/14 2:6 p.m., 8 views

WordPress List Site Contributors plugin <= 1.1.8 - Reflected Cross-Site Scripting via alpha vulnerability

Reflected Cross-Site Scripting via alpha vulnerability discovered by 0x34rth in WordPress Plugin List Site Contributors versions <= 1.1.8...

CVSS 6.1 | AI score 6.3 | EPSS 0.01708
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/01/14 8:24 a.m., 2 views

WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Universal Google Adsense and Ads manager versions <= 1.1.8...

CVSS 5.3 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | Affected Software: 1
NVD
added 2026/01/14 6:15 a.m., 6 views

CVE-2026-0594

The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | EPSS 0.01708
Exploits: 1 | References: 3
CNNVD
added 2026/01/14 12:0 a.m., 8 views

WordPress plugin List Site Contributors cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...

CVSS 6.1 | AI score 5.6 | EPSS 0.01708
Exploits: 1 | References: 3