EUVD-2026-21597

phpseclib has a variable-time HMAC comparison in SSH2::getbinarypacket using != instead of hashequals...

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVE-2023-51666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53...

PT-2024-14226 · Pickplugins · Pickplugins Related Post

Name of the Vulnerable Software and Affected Versions: PickPlugins Related Post versions n/a through 2.0.53 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)

Software Related Post Type Plugin Vulnerable versions = 2.0.53 Fixed in 2.0.54 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3b0bef244c2c Credits Khalid Yusuf Required privilege...