Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue....
9.8CVSS
9.7AI Score
0.002EPSS
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...
8.8CVSS
8.7AI Score
0.001EPSS
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at...
9.1CVSS
9.2AI Score
0.001EPSS
Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move...
8.6CVSS
8.4AI Score
0.004EPSS
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id...
6.1CVSS
6.3AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to...
6AI Score
0.001EPSS
The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8)...
6.9AI Score
0.003EPSS
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1...
8.7AI Score
0.001EPSS
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to...
7AI Score
0.02EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter...
5.9AI Score
0.002EPSS
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE...
8.7AI Score
0.001EPSS
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id...
8.7AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified...
8.9AI Score
0.004EPSS
Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and...
7.3AI Score
0.017EPSS
SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.8AI Score
0.003EPSS
Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack...
7AI Score
0.004EPSS