CVE-2025-66113

Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through = 1.2.18...

EUVD-2025-198441

Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through = 1.2.18...

CVE-2025-66113 WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through = 1.2.18...

CVE-2025-66113

CVE-2025-66113 affects the WordPress plugin Better Chat Support for Messenger (ThemeAtelier) up to version 1.2.18, describing a Missing Authorization / Broken Access Control vulnerability. Connected sources (Wordfence intelligence report and PatchStack) confirm the issue and indicate a patch has ...

PT-2025-47775

Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through = 1.2.18...

WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Better Chat Support for Messenger versions = 1.2.18...

WordPress Amelia plugin - 1.2.18-1.2.36 - Unauthenticated Sensitive Information Exposure vulnerability

WordPress Amelia plugin - 1.2.18-1.2.36 - Unauthenticated Sensitive Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Amelia versions 1.2.18-1.2.36...

WordPress plugin Email Subscription Popup security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2023-32688 · WordPress · Email Subscription Popup

Name of the Vulnerable Software and Affected Versions: Email Subscription Popup plugin for WordPress versions up to, and including, 1.2.18 Description: The issue is related to Reflected Cross-Site Scripting via the HTTP REFERER header due to insufficient input sanitization and output escaping. Th...

CVE-2022-41155

Block BYPASS vulnerability in iQ Block Country plugin = 1.2.18 on WordPress...

WordPress plugin iQ Block Country 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.2.18. The...

Cacti < 1.2.18 XSS Vulnerability - Linux

Cacti is prone to a cross-site scripting XSS vulnerability via template import for the midwinter theme. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Cacti < 1.2.18 XSS Vulnerability - Windows

Cacti is prone to a cross-site scripting XSS vulnerability via template import for the midwinter theme. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2020-14424

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme...

PT-2021-9727 · Cacti +4 · Cacti +4

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.18 Description: The issue allows remote attackers to trigger XSS via template import for the midwinter theme. There is no information provided about the estimated number of potentially affected devices worldwide or...

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Not every vulnerability h...

Debian: Security Advisory (DLA-2562-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Brave Browser iOS and Brave Browser Android Address Bar Spoofing Vulnerability

Brave Browser iOS and Brave Browser Android are both web browsers from Brave Software, USA. The former is for iOS; the latter is for Android. A security vulnerability exists in Brave Browser iOS versions prior to 1.2.18 and Brave Browser Android versions 1.9.56 and earlier. An attacker can exploi...

MantisBT 1.2.x < 1.2.19 Open Redirect Vulnerability - Linux

MantisBT is prone to an open redirect vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...