
34 matches found

RedhatCVE
added 2026/01/25 9:16 a.m., 4 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_settings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVSS 4.3, AI score 5.5, EPSS 0.00009
Exploits 0, References 1

ATTACKERKB
added 2026/01/24 7:26 a.m., 2 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_settings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVSS 4.3, AI score 5.8, EPSS 0.00009
Exploits 0, References 4

CVE
added 2026/01/24 7:26 a.m., 8 views

CVE-2026-1075

CVE-2026-1075 – ZT Captcha (WordPress): The WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 1.0.4 due to improper nonce validation on the save_ztcpt_captcha_settings action. This allows unauthenticated attackers to modify plugin settings via a forged request if ...

CVSS 4.3, AI score 5.5, EPSS 0.00009
Exploits 0, References 3

Vulnrichment
added 2026/01/24 7:26 a.m., 4 views

CVE-2026-1075 ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_settings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVSS 4.3, AI score 5.8, EPSS 0.00009
Exploits 0, References 3

Cvelist
added 2026/01/24 7:26 a.m., 25 views

CVE-2026-1075 ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_settings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVSS 4.3, EPSS 0.00009
Exploits 0, References 3

Patchstack
added 2026/01/24 3:6 a.m., 11 views

WordPress ZT Captcha plugin <= 1.0.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ZT Captcha versions <= 1.0.4...

CVSS 4.3, AI score 5.5, EPSS 0.00009
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/01/24 12:0 a.m., 1 views

WordPress plugin ZT Captcha has a cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.7, EPSS 0.00009
Exploits 0, References 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in mis-zt (npm)

The package mis-zt was found to contain malicious code...

AI score 7
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-26478 Malicious code in mis-zt (npm)

The package mis-zt was found to contain malicious code...

AI score 7.2
Exploits 0

OSV
added 2025/05/11 4:15 p.m., 1 views

CVE-2025-4541

A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 8.8, AI score 5.7, EPSS 0.00216
Exploits 1, References 4

F5 Networks
added 2023/02/21 6:46 p.m., 84 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS 6.5, AI score 5.9, EPSS 0.17577
Exploits 8

OSV
added 2022/05/13 1:30 a.m., 1 views

GHSA-QCF3-9VMH-XW4R Improper Limitation of a Pathname to a Restricted Directory in zt-zip

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS 5.5, AI score 6.8, EPSS 0.01462
Exploits 1, References 6

Github Security Blog
added 2022/05/13 1:30 a.m., 19 views

Improper Limitation of a Pathname to a Restricted Directory in zt-zip

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS 5.8, AI score 5.4, EPSS 0.01462
Exploits 1, References 7, Affected Software 1

vulnersOsv
added 2022/05/13 1:30 a.m., 1 views

cc.kebei:onion-expands-compress (>=3.0.0 <=3.0.6), com.aftia.plugin:aem-build-maven-plugin.core (>=1.1.1 <=1.2.2) +90 more potentially affected by CVE-2018-1002201 via org.zeroturnaround:zt-zip (>=1.10 <=1.12)

org.zeroturnaround:zt-zip MAVEN version =1.10, =3.0.0, =1.1.1, =5.0, =2.1.6, =3.6.1, =0.1.4, =1.0.3, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2018-1002201 Source advisory: OSV:GHSA-QCF3-9VMH-XW4R...

CVSS 5.8, AI score 6.6, EPSS 0.01462
Exploits 1

CNVD
added 2020/04/07 12:0 a.m., 1 views

SQL Injection Vulnerability in ZZCMS Backend zt***_se***.php File

zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the ztse.php file in the backend of ZZCMS, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.7
Exploits 0

CNVD
added 2018/08/22 12:0 a.m., 1 views

ZZCMS SQL Injection Vulnerability (CNVD-2018-15848)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in line 5 of the zt/top.php file in ZZCMS 8.3 and earlier versions. A remote attacker can exploit this vulnerability by running ZZCMS in nginx to execute arbitrary SQL...

CVSS 9.8, AI score 9.9, EPSS 0.0025
Exploits 1, References 1

OSV
added 2018/08/20 7:31 p.m., 0 views

CVE-2018-1000653

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection attacks against zzcms in nginx. This attack appears to be exploitable via running zzcms in nginx...

CVSS 9.8, AI score 5.8
Exploits 0, References 1

Prion
added 2018/08/20 7:31 p.m., 10 views

Sql injection

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection attacks against zzcms in nginx. This attack appears to be exploitable via running zzcms in nginx...

CVSS 7.5, AI score 9.7, EPSS 0.0025
Exploits 1, References 1, Affected Software 1

OSV
added 2018/08/06 3:29 p.m., 1 views

CVE-2018-14962

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...

CVSS 5.4, AI score 5.8, EPSS 0.00206
Exploits 1, References 1

NVD
added 2018/08/06 3:29 p.m., 10 views

CVE-2018-14962

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...

CVSS 5.4, AI score 5.3, EPSS 0.00206
Exploits 1, References 1