370 matches found
CVE-2023-27600
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
CVE-2021-24512
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting XSS vulnerability in one of the administrative functions for handling deletion of videos...
CVE-2018-18529
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...
CVE-2025-39529
CVE-2025-39529 affects the WordPress plugin Scriptless Social Sharing. A stored XSS exists due to improper input neutralization during web page generation, impacting versions up to 3.2.4. Public advisories confirm the vulnerability and indicate a patch is available in version 3.3.0 (and later). C...
API Platform Core can leak exceptions message that may contain sensitive information
Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions then we did previously introduced at...
GHSA-RFW5-CQJJ-7V9R API Platform Core can leak exceptions message that may contain sensitive information
Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions then we did previously introduced at...
PT-2025-7874 · Wpchill · Strong Testimonials
Name of the Vulnerable Software and Affected Versions: Strong Testimonials versions prior to 3.2.4 Description: A Missing Authorization issue in WP Chill Strong Testimonials allows accessing functionality not properly constrained by ACLs. Recommendations: For versions prior to 3.2.4, update to...
CVE-2024-13479
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13479
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13479 LTL Freight Quotes – SEFL Edition <= 3.2.4 - Unauthenticated SQL Injection
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress LTL Freight Quotes – SEFL Edition plugin <= 3.2.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – SEFL Edition versions = 3.2.4...
WordPress plugin LTL Freight Quotes SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2024-22303
Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4...
WordPress plugin MooWoodle 日志信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A log information...
CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through = 3.2.4...
CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through = 3.2.4...
PT-2025-5444 · Portone · Portone Portone 우커머스 결제
Name of the Vulnerable Software and Affected Versions: PortOne PORTONE 우커머스 결제 versions 3.2.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers ...
WordPress plugin PORTONE 우커머스 결제 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
Overview WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Popup Box versions = 3.2.4...