Zast.Ai

**Name of the Vulnerable Software and Affected Versions** StatCounter – Free Real Time Visitor Stats versions prior to 2.1.2 **Description** The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient output escaping of the post author's nickname within the `statcounter addToTags()` function. The function, which is hooked to `wp head` and executes on every post page, retrieves the author's nickname using `the author meta()` and echoes it into a JavaScript double-quoted string context inside a `<script>` block without using `esc js()` or equivalent escaping. Consequently, authenticated attackers with Author-level access or higher can inject arbitrary web scripts that execute when any user, including unauthenticated visitors, views a post authored by the attacker. **Recommendations** Update the plugin to a version later than 2.1.1. As a temporary workaround, restrict users from having Author-level access or higher until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Splide Carousel Block versions prior to 1.7.2 **Description** The Splide Carousel Block plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts through the `url` block attribute. These scripts execute when a user accesses the affected page. For the payload to execute for general site visitors, the post must first be approved and published by an editor or administrator. **Recommendations** Update the plugin to a version later than 1.7.1. As a temporary mitigation, restrict the ability of users with contributor-level access to modify the `url` block attribute.

**Name of the Vulnerable Software and Affected Versions** ByteDance verl versions prior to 0.7.1 **Description** A sandbox issue exists in the `math equal()` function within the `prime math/grader.py` file. This flaw allows for remote attacks, although the complexity is high and exploitability is considered difficult. **Recommendations** Update to a version newer than 0.7.0. As a temporary workaround, consider restricting the use of the `math equal()` function in the `prime math/grader.py` file.

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.1.26 Description A weakness exists in OpenClaw up to version 2026.1.26, specifically within the `assertPublicHostname Handler` functionality of the file `src/agents/tools/web-fetch.ts`. A manipulation can lead to server-side request forgery. The attack can be executed remotely and is characterized by high complexity, though exploitation is known to be difficult. The exploit has been made publicly available. Recommendations Upgrade to version 2026.1.29 or later, which includes the patch b623557a2ec7e271bda003eb3ac33fbb2e218505. Upgrade the affected component.

**Name of the Vulnerable Software and Affected Versions** elecV2 versions up to 3.8.3 **Description** A flaw exists in elecV2, specifically within the Endpoint component. Manipulation of the `filename` argument in a function related to the `/logs` file can lead to cross-site scripting. This issue is potentially exploitable remotely. The project was notified of the problem but has not yet responded. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.8.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** elecV2 versions prior to 3.8.4 **Description** A flaw exists in elecV2, specifically in the `pm2run` function within the `/rpc` file. A manipulation of this function can lead to operating system command injection. This issue can be exploited remotely. The exploit has been published. **Recommendations** Update to version 3.8.4 or later. As a temporary workaround, consider restricting access to the `/rpc` file. Avoid using the `pm2run` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elecV2 versions prior to 3.8.4 **Description** A code injection issue exists in the JSON Parser component due to manipulation of the `rawcode` argument within the `runJSFile` function of the `/webhook` file. Remote exploitation is possible. The project was informed of the issue but has not responded. **Recommendations** Update to version 3.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** elecV2 elecV2P versions through 3.8.3 **Description** A server-side request forgery condition exists due to manipulation of the `req` argument within the `eAxios` function located in the `/mock` file of the URL Handler component. This allows for remote attacks. The project was notified of the issue but has not yet responded. The exploit is publicly available. **Recommendations** Versions prior to 3.8.4 should be updated. Consider temporarily disabling the `eAxios` function until a patch is available. Restrict access to the `/mock` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** elecV2 versions prior to 3.8.4 **Description** A path traversal issue exists due to the manipulation of the `path.join` function within the `/log/` file of the Wildcard Handler component. This allows for remote exploitation. The project was notified of the issue but has not yet responded. The exploit has been publicly disclosed. **Recommendations** Update to version 3.8.4 or later. As a temporary workaround, restrict access to the `/log/` file. Consider disabling the Wildcard Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elecV2 versions up to 3.8.3 **Description** A flaw exists in the function `path.join` within the file `/store/:key`. Manipulation of the `URL` argument can lead to path traversal, allowing for remote exploitation. The exploit has been publicly disclosed. The project was notified of the issue but has not yet responded. **Recommendations** Versions prior to 3.8.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Content Visibility for Divi Builder version 4.01 **Description** A contributor-controlled expression reaches the `eval()` function through real feature paths. More than 2,000 active installations are reported. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zyddnys manga-image-translator versions through beta-0.3 **Description** A server-side request forgery condition exists in zyddnys manga-image-translator. The issue is located in the `to pil image` function within the `request extraction.py` file of the Translate Endpoints component. This manipulation can lead to server-side request forgery, and the attack can be initiated remotely. The exploit has been publicly disclosed. The project maintainers were notified of the issue but have not yet responded. **Recommendations** Versions prior to beta-0.3 should be used. As a temporary workaround, consider restricting access to the `to pil image()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elecV2P versions through 3.8.3 **Description** A security issue exists in elecV2P that allows for code injection. The `runJSFile` function within the `wbjs.js` file, part of the `jsfile` Endpoint component, is susceptible to manipulation. This manipulation can lead to remote code execution. The exploit for this issue has been publicly disclosed. The project maintainers were notified of the problem but have not yet responded. **Recommendations** Versions through 3.8.3 should be updated when a fix becomes available. As a temporary workaround, consider disabling the `runJSFile()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jcharis Machine-Learning-Web-Apps versions prior to a6996b634d98ccec4701ac8934016e8175b60eb5 **Description** A security issue exists in Jcharis Machine-Learning-Web-Apps. The `render template` function within the Jinja2 Template Handler component, located in the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py, is susceptible to cross site scripting. This manipulation can be exploited remotely. The exploit is publicly available. The product utilizes a rolling release model, meaning specific version details for affected and updated releases are unavailable. The project was notified of the issue but has not yet responded. **Recommendations** Versions prior to a6996b634d98ccec4701ac8934016e8175b60eb5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 **Description** A security issue exists in xierongwkhd weimai-wetapp. The `getAdmins` function within the file source-code/src/main/java/com/moke/wp/wx weimai/controller/admin/Admin AdminUserController.java is susceptible to SQL injection. Manipulating the `keyword` argument can trigger this issue. Remote exploitation is possible. The exploit is publicly available. The software utilizes a rolling release model, meaning specific version details for affected or updated releases are not provided. The project maintainers were notified of the problem but have not yet responded. **Recommendations** Versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2: As a temporary workaround, consider restricting access to the `getAdmins` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** xierongwkhd weimai-wetapp versions up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 **Description** A flaw exists in xierongwkhd weimai-wetapp. The issue affects the `getLikeMovieList` function within the file source-code/src/main/java/com/moke/wp/wx weimai/controller/HomeController.java of the Endpoint component. Manipulation of the `cat` argument can lead to SQL injection. The attack can be executed remotely. The exploit has been published. The product uses a rolling release model, meaning version information for affected or updated releases is unavailable. The project was notified of the issue but has not responded. **Recommendations** Versions up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Woahai321 ListSync versions up to 0.6.6 **Description** A server-side request forgery issue exists in Woahai321 ListSync. The problem affects the `requests.post` function within the `list-sync-main/api server.py` file, specifically in the JSON Handler component. Manipulation of this function can lead to server-side request forgery, and the attack can be carried out remotely. The exploit has been publicly disclosed. The project maintainers were informed of the issue but have not yet responded. **Recommendations** Versions up to 0.6.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LockerProject Locker versions 0.0.0 through 0.1.0 **Description** A security issue exists in LockerProject Locker. The `authIsAwesome` function within the Error Response Handler component, specifically in the file source-code/Locker-master/Ops/registry.js, is susceptible to cross-site scripting. Manipulation of the `ID` argument can lead to this issue. The attack can be initiated remotely. An exploit for this issue has been publicly released. The project maintainers were previously notified of the problem through an issue report but have not yet responded. **Recommendations** Versions 0.0.0 through 0.1.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xuxueli xxl-job versions up to 3.3.2 **Description** A server-side request forgery condition exists in xuxueli xxl-job. The issue is located in the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java, affecting an unknown function. This allows for remote attacks. The project maintainer indicated that access token security verification is required to address the issue. **Recommendations** versions prior to 3.3.2 require access token security verification.

**Name of the Vulnerable Software and Affected Versions** Bytedesk versions up to 1.3.9 **Description** A server-side request forgery condition exists in Bytedesk. The issue is located in the `getModels` function within the `SpringAIOpenrouterRestController` component, specifically in the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java. Manipulation of the `apiUrl` argument can lead to server-side request forgery. The exploit has been publicly disclosed. **Recommendations** Upgrade to version 1.4.5.4 to resolve this issue.