7 matches found
PT-2026-48276
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-27097
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +37 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)
@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...
CVE-2023-34011
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in ShopConstruct plugin = 1.1.2 versions...
WordPress plugin Better WP Login Page 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Novo-Map : your WP posts on custom google maps Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46190 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d805e0cb863...
GHSA-XG77-XQHQ-CRPR Stored XSS vulnerability in Code Coverage API Plugin
Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. Code Coverage API Plugin 1.1.3 escapes the filename of...