14 matches found
WordPress Clik stats plugin <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Clikstats versions <= 0.8...
CVE-2025-13513
creationtimestamp | type | source
---|---|---
2025-12-04 06:34:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m75e4svufo2w...
CVE-2025-13513
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13513
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...
CVE-2024-13513
creationtimestamp | type | source
---|---|---
2025-02-15 07:34:52+00:00 | seen | https://infosec.exchange/users/cve/statuses/114006746171699870
2025-02-15 08:15:30+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3li7bmj2giw2o
2025-02-15 08:48:20+00:00 | seen | ...
CVE-2024-13513
CVE-2024-13513 affects the Oliver POS – a WooCommerce WordPress plugin, with Sensitive Information Exposure via the plugin’s logging functionality in versions up to 2.4.2.3. Unauthenticated attackers could extract sensitive data (e.g., clientToken) from logs, enabling changes to user account info...
CVE-2024-13513 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...
CVE-2020-13513
creationtimestamp | type | source
---|---|---
2020-12-18 22:44:13+00:00 | seen | https://t.me/cibsecurity/21093...
CVE-2020-13513
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that...
CVE-2020-13513
CVE-2020-13513 affects NZXT CAM 4.8.0 via the WinRing0x64 Driver Privileged I/O Write IRPs. The vulnerability arises from an IRP (0x9c40a0dc) that allows a low-privilege user to execute OUT instructions at an elevated privilege level, enabling privilege escalation. The TALOS report confirms the p...
NZXT CAM WinRing0x64 Driver Privileged I/O Write IRPs Privilege Escalation Vulnerability
Summary: A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions...
CVE-2019-13513
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application...
CVE-2019-13513
This CVE affects Delta Industrial Automation DOPSoft, specifically version 4.00.06.15 and earlier. The issue arises during parsing of DPA project files, where multiple out-of-bounds reads may occur due to insufficient validation, potentially leading to information disclosure, remote code executio...
CVE-2018-13513
CVE-2018-13513 concerns Ubiou’s Ethereum token smart contract where the mintToken function contains an integer overflow, allowing the contract owner to set any user’s balance to an arbitrary value. The issue is described consistently across sources (CNVD-2018-13186, NVD/CVE-2018-13513, CNVD varia...