
14 matches found

RedhatCVE
added 2025/11/07 5:33 p.m. · 3 views

CVE-2025-60245

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection. This issue affects WP User Manager: from n/a through = 2.9.12...

CVSS 9.8 · AI score 7 · EPSS 0.00101
Exploits 0 · References 1
CNNVD
added 2025/11/06 12:0 a.m. · 3 views

WordPress plugin WP User Manager code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 9.8 · AI score 7 · EPSS 0.00101
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23662

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.2 · EPSS 0.00305
Exploits 1 · References 3
Snyk
added 2025/09/26 1:2 p.m. · 1 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the /meta/proxy endpoint. An attacker can obtain sensitive information by sending requests that cause identifiable data, such as email addresses, to be forwarded to external services through specific HTTP header...

CVSS 5.3 · AI score 6.6 · EPSS 0.0001
Exploits 0 · References 2
Amazon
added 2025/09/08 12:0 a.m. · 3 views

Medium: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

CVSS 6.9 · AI score 6.5 · EPSS 0.00305
Exploits 1
NVD
added 2025/08/06 12:15 a.m. · 4 views

CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVSS 6.9 · EPSS 0.00305
Exploits 1 · References 4
Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-24340 · Argo CD · Argo CD

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.10.7; Argo CD versions prior to 2.9.12; Argo CD versions prior to 2.8.16
Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces...

CVSS 6.3 · AI score 6.8 · EPSS 0.00113
Exploits 0 · References 14
OSV
added 2024/03/13 4:15 p.m. · 2 views

CVE-2024-2238

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
OSV
added 2024/03/13 4:15 p.m. · 1 views

CVE-2024-2237

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 · AI score 7.4 · EPSS 0.00229
Exploits 0 · References 2
OSV
added 2024/03/13 4:15 p.m. · 2 views

CVE-2024-2000

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigationdots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 · AI score 7.4 · EPSS 0.003
Exploits 0 · References 2
Positive Technologies
added 2024/03/13 12:0 a.m. · 2 views

PT-2024-19383 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12
Description: The issue is related to Stored Cross-Site Scripting via the Premium Magic Scroll module due to insufficient input sanitization and output escaping. Thi...

CVSS 6.4 · AI score 7.9 · EPSS 0.00229
Exploits 0 · References 5
Positive Technologies
added 2024/03/13 12:0 a.m. · 5 views

PT-2024-18488 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the navigation dots parameter of the...

CVSS 6.4 · AI score 8 · EPSS 0.003
Exploits 0 · References 5
Patchstack
added 2023/09/04 12:0 a.m. · 12 views

WordPress Stock Quotes List Plugin <= 2.9.11 is vulnerable to Cross Site Scripting (XSS)

Software: Stock Quotes List
Type: Plugin
Vulnerable versions: <= 2.9.11
Fixed in: 2.9.12
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-41666
Patch priority: Low
CVSS severity: Low (6.5)
Developer: Claim ownership
PSID: 8915def85604
Credits: deokhunKim
Required...

CVSS 6.5 · AI score 5.7 · EPSS 0.00077
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2010/01/20 12:0 a.m. · 20 views

Zope XSS Vulnerability (Jan 2010)

Zope is prone to a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 4.3 · AI score 5.9 · EPSS 0.00522
Exploits 0 · References 2