CVE-2026-4131

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...

EUVD-2019-7626

Malware in sbrugna...

PT-2025-27942 · Unknown · Wpo-Hr Ngg Smart Image Search

Name of the Vulnerable Software and Affected Versions: wpo-HR NGG Smart Image Search versions 3.4.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVE-2019-17199

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring...

PT-2025-20127 · Unknown · Wpo-Hr Ngg Smart Image Search

Name of the Vulnerable Software and Affected Versions: wpo-HR NGG Smart Image Search versions 3.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacke...

CVE-2019-17199

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...

CVE-2019-17199

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...

Directory traversal

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...

CVE-2019-17199

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...

CVE-2019-17199

CVE-2019-17199 affects WPO WebPageTest 19.04 on Windows via www/getfile.php, where an unanchored regular expression permits Directory Traversal (reading arbitrary files), as demonstrated by the a.jpg.. substring. The issue is triggered in the vulnerable file/component (getfile.php) and weaponizes...

Server side request forgery (ssrf)

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses such as 0300.0250 as a replacement for 192.168...

CVE-2019-12161

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses such as 0300.0250 as a replacement for 192.168...

CVE-2019-12161

CVE-2019-12161: The issue affects WPO WebPageTest 19.04 and is due to ValidateURL in www/runtest.php not handling octal-encoded IPs (e.g., 0300.0250 representing 192.168), enabling SSRF. The connected Red Hat and OSV/PRION entries corroborate the SSRF description and reference the same around 201...

CVE-2017-6396

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...

CVE-2017-6396

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...

Authorization

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...

CVE-2017-6396

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...