EUVD-2026-15885

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through = 7.42...

PT-2026-28035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through = 7.42...

EUVD-2026-5296

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.41...

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

EUVD-2025-205975

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40...

Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)

It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. PoC POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac ...