Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through...
5.3CVSS
7.1AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been....
9.8CVSS
7.9AI Score
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
8.8CVSS
7.4AI Score
0.001EPSS
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in.....
7.5CVSS
8AI Score
0.002EPSS
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in...
6.1CVSS
6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13...
5.4CVSS
7.4AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08...
8.8CVSS
7.2AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin <= 2.4.6...
6.1CVSS
6AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading.....
8.8CVSS
7.3AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2...
4.8CVSS
5.2AI Score
0.0004EPSS
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.1CVSS
6.6AI Score
0.001EPSS
A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack.....
6.1CVSS
6.1AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19...
4.8CVSS
4.8AI Score
0.0004EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04...
5.4CVSS
5.2AI Score
0.0004EPSS
SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this...
5.4CVSS
5.3AI Score
0.0004EPSS
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection...
9.8CVSS
9.9AI Score
0.031EPSS
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
4.8CVSS
4.8AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320...
4.8CVSS
4.8AI Score
0.0005EPSS
The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.8AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81...
4.8CVSS
4.8AI Score
0.001EPSS
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and...
5.3CVSS
5.4AI Score
0.002EPSS
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
5.4CVSS
5.4AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.002EPSS
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...
6.1CVSS
6.4AI Score
0.001EPSS
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and.....
7CVSS
7AI Score
0.0004EPSS
The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL...
9.8CVSS
9.8AI Score
0.04EPSS
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and...
5.3CVSS
5.2AI Score
0.001EPSS
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.7AI Score
0.001EPSS
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL...
8.8CVSS
8.9AI Score
0.001EPSS
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.8AI Score
0.001EPSS
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude....
5.4CVSS
5.2AI Score
0.001EPSS
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site...
6.1CVSS
6AI Score
0.001EPSS
Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without...
8.8CVSS
8.8AI Score
0.001EPSS
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection...
8.8CVSS
8.8AI Score
0.021EPSS
3.3CVSS
4.3AI Score
0.001EPSS
3.3CVSS
4.3AI Score
0.001EPSS
6.6CVSS
6.5AI Score
0.001EPSS
6.6CVSS
6.5AI Score
0.001EPSS
6.6CVSS
6.5AI Score
0.001EPSS
3.3CVSS
4.3AI Score
0.001EPSS
The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection...
8.8CVSS
8.9AI Score
0.001EPSS
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting...
5.4CVSS
5.2AI Score
0.001EPSS
The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting...
5.4CVSS
5.2AI Score
0.001EPSS
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to...
5.4CVSS
5.5AI Score
0.001EPSS
Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and....
8.1CVSS
7.7AI Score
0.001EPSS
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog,.....
8.8CVSS
8.7AI Score
0.001EPSS
Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and....
8.1CVSS
8.1AI Score
0.001EPSS
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version...
7.5CVSS
7.3AI Score
0.002EPSS
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected...
5.3CVSS
5AI Score
0.001EPSS
SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...
4.8CVSS
6.2AI Score
0.001EPSS