16 matches found
craftql security vulnerability
Craftql is a server developed by Mark Huot, an individual developer, that provides GraphQL interfaces for the Craft CMS. Craftql versions 1.3.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the...
Exploit for Code Injection in Backupbliss Backup_Migration
🔥 CVE-2023-6553 — WordPress Backup Migration RCE Unauthen...
CVE-2025-68861
Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Plugin Optimizer: from n/a through <= 1.3.7...
WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Dynamic AJAX Product Filters for WooCommerce versions <= 1.3.7...
WordPress plugin Dynamic AJAX Product Filters for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Dynamic AJAX...
WordPress plugin HUSKY security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-25716 · Unknown · Meks Flexible Shortcodes
Name of the Vulnerable Software and Affected Versions: Meks Flexible Shortcodes versions 1.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker...
PT-2025-14185 · Unknown · Neteuro Turisbook Booking System
Name of the Vulnerable Software and Affected Versions: Neteuro Turisbook Booking System versions 1.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
PT-2024-30902 · Unknown · Temegum Gum Elementor Addon
Name of the Vulnerable Software and Affected Versions: TemeGUM Gum Elementor Addon versions 1.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
WordPress WS Contact Form plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHee Kang in WordPress Plugin WS Contact Form versions <= 1.3.7...
PT-2024-13993 · WordPress · Wpwax Legal Pages
Name of the Vulnerable Software and Affected Versions: wpWax Legal Pages versions 1.3.7 and earlier Description: The issue is related to Cross-Site Request Forgery (CSRF) and Incorrect Authorization in wpWax Legal Pages. This allows for unauthorized actions to be performed. Recommendations: For...
WordPress plugin Podlove Subscribe button cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
WordPress plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress eRoom-Zoom Meetings & Webinar plugin 1.3.7 an...
CVE-2021-36841
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode WordPress plugin versions <= 1.3.7, vulnerable parameter &yithmaintenancenewslettersubmitlabel. Possible even when unfiltered HTML is disallowed by WordPress configuration...
PT-2013-2150 · Rack +1 · Rack +1
Name of the Vulnerable Software and Affected Versions: Rack versions 1.3.x through 1.3.7; Rack versions 1.4.x through 1.4.2 Description: The issue allows remote attackers to cause a denial of service, resulting in memory consumption and an out-of-memory error. This is achieved by sending a long...