
13 matches found

RedhatCVE
added 2026/02/19 7:28 a.m. | 5 views

CVE-2026-1304

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.4 CVSS | 5.7 AI score | 0.00036 EPSS
Exploits 0 | References 1

NVD
added 2026/02/18 6:16 a.m. | 4 views

CVE-2026-1304

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.4 CVSS | 0.00036 EPSS
Exploits 0 | References 12

EUVD
added 2025/12/30 3:30 p.m. | 3 views

EUVD-2025-205774

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3 CVSS | 4.7 AI score | 0.00034 EPSS
Exploits 0 | References 5

CVE
added 2025/12/30 12:22 p.m. | 7 views

CVE-2025-14426

The CVE-2025-14426 entry affects the Strong Testimonials WordPress plugin (all versions up to 3.2.18). Root cause: a missing capability check in the edit_rating function allows authenticated attackers with Contributor level access or higher to modify or delete rating meta on any testimonial post,...

4.3 CVSS | 4.8 AI score | 0.00034 EPSS
Exploits 0 | References 4

CNNVD
added 2025/12/30 12:0 a.m. | 1 views

WordPress plugin Strong Testimonials security vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3 CVSS | 6.3 AI score | 0.00034 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/05/22 7:24 p.m. | 7 views

CVE-2021-24927

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

5.4 CVSS | 6 AI score | 0.00368 EPSS
Exploits 2 | References 1

CNNVD
added 2024/05/06 12:0 a.m. | 2 views

WordPress plugin Robo Gallery information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3 CVSS | 6 AI score | 0.00366 EPSS
Exploits 0 | References 2

Patchstack
added 2024/01/17 12:0 a.m. | 12 views

WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS)

Software Robo Gallery Type Plugin Vulnerable versions = 3.2.17 Fixed in 3.2.18 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22295 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29d8208eb109 Credits Bryan Satyamulya Required privilege...

5.9 CVSS | 6.5 AI score | 0.00051 EPSS
Exploits 0 | References 2 | Affected Software 1

ALT Linux
added 2023/03/31 12:0 a.m. | 37 views

Security fix for the ALT Linux 10 package python3-module-django version 3.2.18-alt1

3.2.18-alt1 built March 31, 2023 Alexey Shabalin in task 317508 March 24, 2023 Alexey Shabalin - New version 3.2.18. - Fixes for the following security vulnerabilities: + CVE-2023-23969 Potential denial-of-service via Accept-Language headers + CVE-2023-24580 Potential denial-of-service...

7.7 AI score | 0.19669 EPSS
Exploits 0

OSV
added 2023/02/28 8:15 p.m. | 3 views

DEBIAN-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8 CVSS | 8.7 AI score | 0.9312 EPSS
Exploits 23 | References 1

Debian
added 2022/05/16 2:52 p.m. | 15 views

[SECURITY] [DLA 3010-1] ffmpeg security update

Debian LTS Advisory DLA-3010-1 [email protected] https://www.debian.org/lts/security/ Enrico Zini May 16, 2022 https://wiki.debian.org/LTS Package : ffmpeg Version : 7:3.2.18-0+deb9u1 The ffmpeg project released the new version 3.2.18 with fixes for various issues found by the OSS-Fuzz...

5.8 AI score
Exploits 0

wpexploit
added 2021/11/01 12:0 a.m. | 507 views

My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

5.4 CVSS | 5.3 AI score | 0.00368 EPSS
Exploits 2

OpenVAS
added 2013/10/28 12:0 a.m. | 31 views

Oracle VirtualBox Local Denial of Service Vulnerability-01 (Oct 2013) - Windows

Oracle VirtualBox is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.8 CVSS | 6.6 AI score | 0.00247 EPSS
Exploits 0 | References 3