CVE-2025-9029 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function

The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkithandlereviewsubmission function in versions less than, or equal to, 1.2.16. This is due to the plugin not properly verifyin...

PT-2025-36199

Name of the Vulnerable Software and Affected Versions: KaizenCoders Enable Latex versions n/a through 1.2.16 Description: A Cross-Site Request Forgery CSRF vulnerability exists in KaizenCoders Enable Latex, which can also lead to Stored Cross-Site Scripting XSS. Recommendations: Update KaizenCode...

PT-2025-7829 · Fast Flow · Fast Flow

Name of the Vulnerable Software and Affected Versions: Fast Flow versions 1.2.16 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations: For versions...

WordPress plugin Amelia 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-04629)

MantisBT is an open-source issue management system developed in PHP and commonly used for internal collaboration within corporate teams. A cross-site scripting vulnerability exists in the admconfigreport.php page in MantisBT 1.2.16 and later versions, which can be exploited to inject script or HT...