14 matches found
MStore API <= 3.9.1 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions <= 3.9.1...
CVE-2026-24611
Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...
JeecgBoot Access Control Error Vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability. This vulnerability stems from improper handling of the LoginController.selectDepart function in the sys/...
JeecgBoot Injection Vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...
WordPress plugin Image Source Control Lite – Show Image Credits and Captions Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-60040
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through <= 3.9.1...
CVE-2025-60040
CVE-2025-60040 is a Stored XSS in the WordPress plugin wp-mpdf. Affected software: wp-mpdf up to version 3.9.1 (authentication required). The issue arises from improper input neutralization during web page generation, enabling stored malicious script execution in the context of vulnerable sites. ...
PT-2024-31909 · Unknown · Gdidees Cms
Name of the Vulnerable Software and Affected Versions: GDidees CMS versions 3.9.1 and earlier Description: A file upload vulnerability exists in the software. This issue allows for malicious file uploads, potentially leading to security breaches. Recommendations: For versions 3.9.1 and earlier,...
WordPress WP Ultimate Post Grid plugin <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Ultimate Post Grid versions <= 3.9.1...
WordPress plugin Event Registration Calendar By vcita Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-33874
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-8032 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-8032 Source advisory: OSV:GHSA-9FRW-WMVQ-5RRC...