15 matches found
WordPress plugin Universal Google Adsense and Ads Manager has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Linux Distros Unpatched Vulnerability : CVE-2021-43415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission...
CVE-2025-53581
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artiosmedia RSS Feed Pro rss-feed-pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through = 1.1.8...
WordPress plugin Flexible Cookies cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-17303 · WordPress · Bmlt Tabbed Map
Name of the Vulnerable Software and Affected Versions: BMLT Tabbed Map plugin for WordPress versions 1.1.8 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'bmlt tabbed map' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-30855 · Unknown · Masterstudy Lms Starter
Name of the Vulnerable Software and Affected Versions: Masterstudy LMS Starter versions 1.1.8 and below Description: The issue is related to the insertion of sensitive information into log files. This could potentially expose sensitive data. Recommendations: For Masterstudy LMS Starter versions...
PT-2024-30465 · Unknown · Speedycache
Name of the Vulnerable Software and Affected Versions: SpeedyCache versions 1.1.8 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the SpeedyCache plugin. This allows an attacker to perform unintended actions on a user's account. Users are urged to upgrade to mitigate risk...
WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Thim Elementor Kit versions <= 1.1.8...
PT-2024-24651
Name of the Vulnerable Software and Affected Versions: GuCherry Blog versions 1.1.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious scripts...
PT-2024-24068 · Marker.Io · Marker.Io
Name of the Vulnerable Software and Affected Versions: Marker.Io versions 1.1.8 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the use...
PT-2023-19141 · Pixelgrade · Pixelgrade Comments Ratings Plugin
Name of the Vulnerable Software and Affected Versions: Pixelgrade Comments Ratings plugin versions prior to 1.1.8 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to...
WordPress plugin Read more By Adam cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Read more By Adam...
PT-2019-5239 · Davical · Davical
Name of the Vulnerable Software and Affected Versions: DAViCal versions through 1.1.8 Description: A reflected XSS issue was discovered in DAViCal. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can vie...
CVE-2019-1570
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings...
CVE-2016-8369
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY)...