27 matches found
EUVD-2025-24788
Malicious code in bioql PyPI...
CVE-2025-52730
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a throug...
CVE-2025-52731
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...
CVE-2025-52730
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a throug...
CVE-2025-52731 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...
CVE-2025-52730 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a throug...
CVE-2025-52731
CVE-2025-52731 affects WordPress WordPress Event Manager, Event Calendar and Booking Plugin (≤ 4.0.24). A Missing Authorization flaw in the plugin’s theme function allows unauthenticated access to delete content (Arbitrary Content Deletion). Public details identify the affected versions and impac...
WordPress plugin WordPress Event Manager, Event Calendar and Booking Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-33211 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Event Manager, Event Calendar and Booking Plugin for WordPress versions not specified through 4.0.24 Description: A missing authorization flaw exists in the theme function of the WordPress Event Manager, Event Calendar and Booking Plugin. Thi...
WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions = 4.0.24...
WordPress plugin Eventin 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress ARMember Plugin <= 4.0.23 is vulnerable to Cross Site Scripting (XSS)
Software ARMember Type Plugin Vulnerable versions = 4.0.23 Fixed in 4.0.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27995 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a530dd76b60e Credits Van Lyubov Required privilege Administrator...
Sql injection
Simple POS 4.0.24 allows SQL Injection via a products/getproducts/ columns0searchvalue parameter in the management panel, as demonstrated by products/getproducts/1...
CVE-2018-17110
Simple POS 4.0.24 allows SQL Injection via a products/getproducts/ columns0searchvalue parameter in the management panel, as demonstrated by products/getproducts/1...
CVE-2018-17110
Simple POS 4.0.24 allows SQL Injection via a products/getproducts/ columns0searchvalue parameter in the management panel, as demonstrated by products/getproducts/1...
CVE-2018-17110
CVE-2018-17110 affects Simple POS, version 4.0.24, by allowing SQL Injection through the management panel's products/get_products/1 URL with the columns[0][search][value] parameter. The vulnerability targets the get_products function (columns[0][search][value]) enabling injection and is evidenced...
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp...
HashiCorp Vagrant VMware Fusion Plugin Local Root Vulnerability
HashiCorp Vagrant VMware Fusion plugin is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in the insecure suid wrapper binary in HashiCorp Vagrant VMware Fusion plugin version 4.0.24 and earlier...
Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation Exploit
Exploit for windows platform in category local exploits I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put o...
Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation
I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out another release - 4.0.24 - after that but didn't upda...