17 matches found
EUVD-2026-33851
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution WordPress plugin is affected (versions 7.0.0–7.0.14). The vulnerability arises in the slider.get.full AJAX action, enabling authenticated attackers with Contributor-level access and higher to expose sensitive data stored in slider settings. Exposed data includes raw social m...
CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
PT-2026-45666
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
EI Tube YouTube API 3 Cross Site Scripting
Title: EI Tube YouTube API V3 site builder XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3...
EI Tube YouTube API 3 SQL Injection
Title: EI Tube YouTube API V3 site builder Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firef...
Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following payload in the Youtube API K...
Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload in the Youtube API Key...
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...
WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS
The plugin did not sanitise or escape its lyteytapikey and lytenotification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. PoC PoC 1 | Authenticated Persistent XSS | Your YouTube API key...
Stripo Inc: Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo
Summary: Can you imagine discovering an API key disclosure vulnerability in a disclosed API key disclosure report? The same thing is what I came across while going through the disclosed reports at Stripo Inc. Plus, the disclosed API key isn't even revoked, and therefore I am still able to use the...
EI-Tube 3 - SQL Injection
EI-Tube 3 - SQL Injection Exploit Title: PHP EI-Tube Script - Sql Injection Date: 2019-02-21 Exploit Author: Meisam Monsef - [email protected] Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks : Alireza...
EI-Tube 3 SQL Injection
Exploit Title: PHP EI-Tube Script - Sql Injection Date: 2019-02-21 Exploit Author: Meisam Monsef - [email protected] Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks : Alireza Noorkazemi - A-H - Akhzari...
XSS Vulnerability in Interactive YouTube API Demo Beta
XSS Vulnerability in Interactive YouTube API Demo Beta. There is a critical cross-site scripting (XSS) vulnerability in Interactive YouTube API Demo Beta, discovered by various sources. One of the white hat hackers, "Vansh Sharma", informed us about this XSS vulnerability with a proof of concept. Proof Of Concept :...
XSS Vulnerability in Interactive YouTube API Demo Beta
XSS Vulnerability in Interactive YouTube API Demo Beta. There is a critical cross-site scripting (XSS) vulnerability in Interactive YouTube API Demo Beta, discovered by various sources. One of the white hat hackers, "Vansh Sharma", informed us about this XSS vulnerability with a proof of concept. Proof Of Concept :...