16 matches found
Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
WordPress Responsive Pricing Table plugin <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Responsive Pricing Table versions <= 5.1.12...
EUVD-2020-13418
Malware in sbrugna...
WordPress Benaa Framework plugin <= 4.0.0 - Authenticated (Subscriber+) Arbitrary File Upload
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Benaa Framework versions <= 4.0.0...
WordPress Auteur Framework plugin <= 7.1 - Authenticated (Subscriber+) Arbitrary File Upload
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Auteur Framework versions <= 7.1...
WordPress Beyot Framework plugin <= 6.0.6 - Authenticated (Subscriber+) Arbitrary File Upload
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Beyot Framework versions <= 6.0.6...
WordPress April Framework plugin <= 5.1 - Authenticated (Subscriber+) Arbitrary File Upload
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin April Framework versions <= 5.1...
CVE-2024-13418
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...
CVE-2024-13418
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...
CVE-2024-13418 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...
CVE-2024-13418 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...
CVE-2020-13418
CVE-2020-13418 affects OpenIAM prior to 4.2.0.3, where the vulnerability is a cross-site scripting (XSS) issue in the Add New User feature. Multiple connected sources (NVD/NVDC CNVD/CNNVD) confirm the impact as XSS in that feature and version range, but they do not provide exploit details, affect...
CVE-2019-13418
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized...
CVE-2019-13418
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized...
CVE-2019-13418
CVE-2019-13418 concerns floragunn Search Guard (for Elasticsearch/ELK) prior to version 24.0, where string-array values in documents were not properly anonymized. The underlying issue affects confidentiality, as sensitive data could be exposed due to inadequate anonymization. Public references fr...
CVE-2018-13418
TerraMaster TOS 3.1.03 contains a remote command injection in ajaxdata.php via the newname parameter, enabling attackers to execute system commands. This CVE (CVE-2018-13418) affects TerraMaster TOS versions