5 matches found
WordPress plugin Sphere Manager cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2025-49219
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2025-7651
The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ewhasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
VulnCheck KEV: CVE-2024-55550
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...
Campcodes Coffee Shop POS System cross-site scripting vulnerability
Campcodes Coffee Shop POS System is a coffee shop POS system from Campcodes. A cross-site scripting vulnerability exists in Campcodes Coffee Shop POS System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the firstname parameter of the Users.php file,...