10 matches found
CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
PT-2025-47144
Name of the Vulnerable Software and Affected Versions: Nero Social Networking Site version 1.0. Description: A SQL injection issue exists in Nero Social Networking Site version 1.0. The issue is located in the /profilefriends.php file, within an unknown function. Manipulation of the ID parameter can...
Code-Projects AVL Rooms Security Vulnerability
Code-Projects AVL Rooms is an open-source AVL room system from Code-Projects. A security vulnerability exists in Code-Projects AVL Rooms version 1.0, which stems from SQL injection through manipulation of the firstname parameter in the file /profile.php...
CVE-2024-13592
The Team Builder For WPBakery Page Builder (Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above,...
School Event Management System Security Vulnerability
School Event Management System is a school event management system. A security vulnerability exists in School Event Management System version 1.0. The vulnerability can be exploited to send a specially crafted JavaScript payload to a user to take over their browser session via the "id" and "view in...
Petrol Pump Management Software Cross-Site Scripting Vulnerability
Petrol Pump Management Software is gasoline pump management software by individual developer mayurik. A cross-site scripting vulnerability exists in Petrol Pump Management Software version 1.0, which stems from a cross-site scripting issue in the /admin/app/profilecrud.php file...
SourceCodester Employee Management System SQL Injection Vulnerability
SourceCodester Employee Management System is a PHP-based website builder for employee performance management from SourceCodester. A SQL injection vulnerability exists in SourceCodester Employee Management System version 1.0, which is caused by a SQL injection in the txtusername parameter of...
Code-Projects Blood Bank SQL Injection Vulnerability
Code-Projects Blood Bank is a blood bank system from the Code-Projects project. A security vulnerability exists in Code-Projects Blood Bank version 1.0, which originates from a SQL injection vulnerability in the recmail parameter of the file receiverReg.php...
Bug Finder MineStack Cross-Site Scripting Vulnerability
Bug Finder MineStack is a digital mining platform from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder MineStack version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to cross-site scripting via th...
Best POS Management System SQL Injection Vulnerability
Best POS Management System is a POS management system by individual developer Mayuri K. A security vulnerability exists in Best POS Management System version 1.0, which originates from a SQL injection vulnerability via the id parameter in /kruxton/manageuser.php...