7 matches found
EUVD-2025-208918
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...
WordPress plugin Automattic Developer 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
CVE-2025-58836 WordPress FW Anker Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Franz Wieser FW Anker fw-anker allows Stored XSS.This issue affects FW Anker: from n/a through = 1.2.6...
WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability
WordPress LTL Freight Quotes - TQL Edition Plugin = 1.2.6 - PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes - TQL Edition versions = 1.2.6...
PT-2025-2645 · Unknown · Themeglow Jobboard
Name of the Vulnerable Software and Affected Versions: ThemeGlow JobBoard Job listing versions 1.2.6 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading a...
PT-2023-32141 · WordPress · Imagemapper
Name of the Vulnerable Software and Affected Versions: ImageMapper plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'imagemap' shortcode, allowing authenticated...
ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)
io.spray:spray-json2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...