10 matches found
WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Subscribe to Unlock Lite versions = 1.3.0...
WordPress plugin Subscribe to Unlock Lite 安全漏洞
...
CVE-2025-58865
CVE-2025-58865 is a CSRF vulnerability in the WordPress plugin Compact Admin affecting versions from and including some unknown earlier “n/a” up to 1.3.0 . The issue enables cross-site requests to be executed on behalf of an authenticated user, as described in multiple sources. CVSS base score is...
@active-mdx/core (>=0.2.0 <=0.9.6), @allenlee/remark-mdx-frontmatter (=3.1.2) +290 more potentially affected by CVE-2025-32014 via estree-util-value-to-estree (>=1.3.0 <=3.3.2)
estree-util-value-to-estree NPM version =1.3.0, =0.2.0, =0.0.1-alpha.1, =0.1.0, =0.0.1, =0.0.6, =0.0.0-rc-20220721064837, =0.1.3, =0.1.3, =0.1.3, =0.1.3, =0.9.1, =1.0.0 and more Source cves: CVE-2025-32014 Source advisory: OSV:GHSA-F7F6-9JQ7-3RQJ...
PT-2024-39320 · WordPress · Confetti Fall Animation
Name of the Vulnerable Software and Affected Versions: Confetti Fall Animation plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting in the Confetti Fall Animation plugin for WordPress. This is due to insufficient input...
DEBIAN-CVE-2024-8372
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
node-server path traversal vulnerability
node-server is an adapter that allows users to run Hono applications on Node.js. A path traversal vulnerability exists in node-server version 1.3.0 through versions prior to 1.4.1, which stems from an inability to resolve double dots in a URL...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-api (>=1.3.0 <=3.0.6) +8 more potentially affected by CVE-2023-49620 via org.apache.dolphinscheduler:dolphinscheduler-service (>=1.3.0 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-service MAVEN version =1.3.0, =1.1.0, =1.3.0, =2.0.0, =3.0.0, =3.0.0, =2.0.2, =1.3.0, =1.3.6, =1.3.9, =3.0.0, =3.0.6 Source cves: CVE-2023-49620 Source advisory: OSV:GHSA-R44Q-98GX-PMH2...
PT-2023-11378 · WordPress · Funnel Builder
Name of the Vulnerable Software and Affected Versions: Funnel Builder plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to authorization bypass due to a missing capability check on the activate plugin function. This allows authenticated attackers to...
PT-2005-4231 · Archilles · Archilles Newsworld
Name of the Vulnerable Software and Affected Versions: Archilles Newsworld versions up to 1.3.0 Description: The issue allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument. This can be achieved, for example, through...