65 matches found
CVE-2026-1913
The Gallagher Website Design plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the login_link shortcode, present in all versions up to and including 2.6.4. The issue stems from insufficient input sanitization and output escaping on the 'prefix' attribute, a...
CVE-2026-1913
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
CVE-2026-1913 Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
CVE-2026-1913 Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...
WordPress plugin Gallagher Website Design 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-6397
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did...
CVE-2025-6397
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did...
CVE-2025-6397 XSS in Ankara Hosting's web site
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did...
EUVD-2025-206769
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did...
PT-2026-5942
Name of the Vulnerable Software and Affected Versions Ankara Hosting Website Design Website Software version 03022026 Description The software contains a Reflected Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. This allows an attacker to inject...
EUVD-2022-15528
Malicious code in bioql PyPI...
EUVD-2025-31357
Malicious code in bioql PyPI...
CVE-2025-6396
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting XSS.This issue affects Website Software: through 2025.07.14...
CVE-2025-6396
CVE-2025-6396 affects Webbeyaz Website Design Website Software (versions through 2025.07.14). The root cause is improper neutralization of input during web page generation, leading to cross-site scripting (XSS). The CVSS–3.1 vector indicates NETWORK access, LOW attack complexity, no privileges re...
CVE-2025-6396 XSS in Webbeyaz's web site
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting XSS.This issue affects Website Software: through 2025.07.14...
PT-2025-39645
Name of the Vulnerable Software and Affected Versions Webbeyaz Website Design Website Software versions through 2025.07.14 Description A flaw exists in Webbeyaz Website Design Website Software that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during w...
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
E-commerce Website Design: How to Build a Successful Online Store in 2023
By Owais Sultan When setting up an E-commerce store, keep two things in mind: website design and mobile friendliness Remember the… This is a post from HackRead.com Read the original post: E-commerce Website Design: How to Build a Successful Online Store in 2023...
bradentonwebsitedesign.com Cross Site Scripting vulnerability OBB-3365199
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...