17 matches found
CVE-2026-4131
The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...
EUVD-2019-7626
Malware in sbrugna...
PT-2025-27942 · Unknown · Wpo-Hr Ngg Smart Image Search
Name of the Vulnerable Software and Affected Versions: wpo-HR NGG Smart Image Search versions 3.4.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2019-17199
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring...
PT-2025-20127 · Unknown · Wpo-Hr Ngg Smart Image Search
Name of the Vulnerable Software and Affected Versions: wpo-HR NGG Smart Image Search versions 3.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacke...
CVE-2019-17199
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...
CVE-2019-17199
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...
Directory traversal
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...
CVE-2019-17199
CVE-2019-17199 affects WPO WebPageTest 19.04 on Windows via www/getfile.php, where an unanchored regular expression permits Directory Traversal (reading arbitrary files), as demonstrated by the a.jpg.. substring. The issue is triggered in the vulnerable file/component (getfile.php) and weaponizes...
CVE-2019-17199
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal for reading arbitrary files because of an unanchored regular expression, as demonstrated by the a.jpg.. substring...
Server side request forgery (ssrf)
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses such as 0300.0250 as a replacement for 192.168...
CVE-2019-12161
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses such as 0300.0250 as a replacement for 192.168...
CVE-2019-12161
CVE-2019-12161: The issue affects WPO WebPageTest 19.04 and is due to ValidateURL in www/runtest.php not handling octal-encoded IPs (e.g., 0300.0250 representing 192.168), enabling SSRF. The connected Red Hat and OSV/PRION entries corroborate the SSRF description and reference the same around 201...
CVE-2017-6396
An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...
CVE-2017-6396
An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...
Authorization
An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...
CVE-2017-6396
An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...