9 matches found
EUVD-2026-27548
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions <= 2.5.9...
CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
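The two root causes named in the Gravity Bookings and Perfmatters entries above (a user-supplied value concatenated into a SQL string without `$wpdb->prepare()`, and an admin-ajax handler that acts without a capability check or nonce verification) are the two most common WordPress plugin defects. The block below is an added illustration of each, as a vulnerable handler beside its hardened form; it is not code from either plugin, and every function, option and table name prefixed `demo_` is hypothetical.

```php
<?php
// Added illustration, not code from Gravity Bookings, Perfmatters or any
// plugin in the listing above. All demo_* names are hypothetical.

// --- SQL injection: user input pasted into the query string ---
// Vulnerable: $status is concatenated raw, so a value such as
// "x' OR 1=1 -- " returns every row.
function demo_find_bookings_unsafe( $status ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_bookings';          // hypothetical table
    $sql   = "SELECT id, customer FROM {$table} WHERE status = '" . $status . "'";
    return $wpdb->get_results( $sql );
}

// Fixed: the value is bound through a %s placeholder in $wpdb->prepare();
// only the table name, built from the trusted prefix, is interpolated.
function demo_find_bookings_safe( $status ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_bookings';
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, customer FROM {$table} WHERE status = %s", $status )
    );
}

// --- Missing authorization and nonce on a bulk-action ajax handler ---
// Vulnerable: any logged-in user (Subscriber and up) who can reach
// admin-ajax.php can flip the option, and a forged cross-site form can
// do it on an administrator's behalf.
function demo_bulk_action_unsafe() {
    $action = isset( $_POST['bulk'] ) ? sanitize_key( $_POST['bulk'] ) : '';
    update_option( 'demo_snippets_enabled', 'activate' === $action );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_bulk_action_unsafe', 'demo_bulk_action_unsafe' );

// Fixed: verify the nonce (CSRF) and then the capability (authorization)
// before touching any state. check_ajax_referer() dies on a bad nonce.
function demo_bulk_action_safe() {
    check_ajax_referer( 'demo_bulk_action', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $action = isset( $_POST['bulk'] ) ? sanitize_key( $_POST['bulk'] ) : '';
    update_option( 'demo_snippets_enabled', 'activate' === $action );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_bulk_action_safe', 'demo_bulk_action_safe' );
```

When reviewing a plugin, grep every `wp_ajax_` and `admin_post_` callback for a `check_ajax_referer`/`wp_verify_nonce` call and a `current_user_can` call on its first lines; a handler that sanitizes input but skips both checks still has the Perfmatters-style defect.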
WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Page Title Splitter versions <= 2.5.9...
PT-2025-44710
Name of the Vulnerable Software and Affected Versions WP Discourse plugin for WordPress versions through 2.5.9 Description The WP Discourse plugin for WordPress is susceptible to information disclosure. The plugin unconditionally transmits Discourse API credentials Api-Key and Api-Username header...
PT-2024-32694 · Eyecix · Eyecix Jobsearch
Name of the Vulnerable Software and Affected Versions: Eyecix JobSearch versions n/a through 2.5.9 Description: The issue is related to Deserialization of Untrusted Data, allowing Object Injection in Eyecix JobSearch. This enables potential remote attacks on affected systems. Recommendations: For...
Moodle allows attackers to obtain sensitive information
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...
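The Moodle entry above describes an ajax endpoint that ran a privileged search without first checking the two capabilities that gate it. The script below is an added illustration in the shape of a Moodle ajax page showing where those checks belong; it is not the Moodle patch, and the tool-search query and its parameters are hypothetical.

```php
<?php
// Added illustration of capability-gating a Moodle ajax endpoint.
// Not the Moodle patch for the entry above; the query is hypothetical.
define('AJAX_SCRIPT', true);
require_once(__DIR__ . '/../../config.php');

$courseid = required_param('course', PARAM_INT);
$query    = optional_param('q', '', PARAM_TEXT);

$context = context_course::instance($courseid);
require_login($courseid, false);
require_sesskey();

// The step the advisory says was missing: both capabilities must hold
// before any registered-tool data is looked up or returned. Each call
// throws required_capability_exception for a user who lacks it.
require_capability('moodle/course:manageactivities', $context);
require_capability('mod/lti:addinstance', $context);

// Only now run the search, with the user string bound as a parameter
// and LIKE metacharacters escaped.
$like  = $DB->sql_like('name', ':q', false);
$tools = $DB->get_records_select(
    'lti_types',
    $like,
    ['q' => '%' . $DB->sql_like_escape($query) . '%'],
    'name',
    'id, name'
);
echo json_encode(array_values($tools));
```

The ordering matters: `require_login()` establishes who the user is, `require_sesskey()` blocks cross-site requests, and the capability checks decide what that user may see; the database query must not run before all three have passed.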
PT-2020-5675 · Ruby +9 · Ruby +10
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.5.9 Ruby versions 2.6.x through 2.6.6 Ruby versions 2.7.x through 2.7.1 Description: The issue is related to the WEBrick library in Ruby, which has a problem with incorrect checking of the header value. This can...
[SECURITY] [DSA 828-1] New squid packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 828-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 30th, 2005 http://www.debian.org/security/faq -...