7 matches found
CVE-2026-40797
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2025-67090
The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...
EUVD-2025-202122
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through = 4.8.2...
WordPress plugin Backup, Restore and Migrate your sites with XCloner 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. The WordPress plug...
PT-2025-4966 · Unknown · Eelv-Newsletter
Name of the Vulnerable Software and Affected Versions: EELV Newsletter versions prior to 4.8.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables an attacker to inject...
WordPress oEmbed discovery cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL. oEmbed discovery is one of the oEmbed search plugin. A cross-site scripting vulnerability exists in oEmbed...
DEBIAN-CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...