WordPress AI Chatbot & Workflow Automation by AIWU plugin <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions = 1.4.14...

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

PT-2026-42107

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVE-2026-39413

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...

CVE-2026-39413

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...

CVE-2026-39413 LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...

WordPress WP All Export plugin <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability

Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Export any WordPress data to XML/CSV versions = 1.4.14...

CVE-2026-1582 WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

WordPress plugin WP All Export 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Prisna GWT plugin < 1.4.14 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Prisna GWT – Google Website Translator versions 1.4.14...

EUVD-2018-12709

Malware in sbrugna...

EUVD-2021-1814

Malware in sbrugna...

CVE-2025-57953

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through = 1.4.14...

CVE-2025-57953

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through = 1.4.14...

CVE-2025-57953 WordPress Open User Map Plugin <= 1.4.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through = 1.4.14...

CVE-2025-57953

The CVE-2025-57953 entry concerns the WordPress plugin Open User Map. Affected range: Open User Map from n/a through 1.4.14. The vulnerability is a DOM-Based XSS caused by Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). The CVSS metrics indicate base score 6.5 ...

PT-2025-38803

Name of the Vulnerable Software and Affected Versions 100plugins Open User Map versions through 1.4.14 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for the execution of...

CVE-2024-4700

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

CVE-2020-28847

Cross Site Scripting XSS vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment...

CVE-2018-20140

Zenphoto 1.4.14 has multiple cross-site scripting XSS vulnerabilities via different URL parameters...