CVE-2026-8995

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

WordPress Awesome Support plugin <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticketid' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Awesome Support versions = 6.3.7...

CVE-2025-46259

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...

ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +3194 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.3.0 <=6.3.7)

org.springframework.security:spring-security-crypto MAVEN version =6.3.0, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =cloud-0.1, =cloud-0.3 and more Source cves: CVE-2025-22228 Source advisory: OSV:GHSA-MG83-C7GQ-RV5C...

WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...

WordPress Advanced Custom Fields Plugin <= 6.3.6 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields Type Plugin Vulnerable versions = 6.3.6 Fixed in 6.3.6.1 OWASP Top 10 A1: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b40e735610b Credits Automattic Security Team...

Sql injection

A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. Affected by this issue is some unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be launched...

Sql injection

A vulnerability classified as critical was found in Bylancer QuickQR 6.3.7. Affected by this vulnerability is an unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be launched remotely. The...

CVE-2023-3690

CVE-2023-3690 concerns Bylancer QuickOrder 6.3.7. The issue is described as a SQL injection in the blog path, triggered by manipulating the GET Parameter Handler argument s. This affects the /blog functionality within the component described as GET Parameter Handler and is reported to be exploita...

CVE-2023-3690 Bylancer QuickOrder GET Parameter blog sql injection

A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. Affected by this issue is some unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be launched...

CVE-2023-3689

CVE-2023-3689 affects Bylancer QuickQR 6.3.7. The GET Parameter Handler in the /blog functionality allows remote SQL injection by manipulating the s argument. Multiple sources confirm this, with impact described as compromising confidentiality, integrity and availability. No exploit specifics are...

PT-2023-25736 · Bylancer · Bylancer Quickqr

Name of the Vulnerable Software and Affected Versions: Bylancer QuickQR version 6.3.7 Description: A critical issue was found in the GET Parameter Handler component of the /blog file, where the manipulation of the s argument leads to sql injection. This issue can be exploited remotely. The vendor...

QuickOrder 6.3.7 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

CVE-2019-2709

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite subcomponent: Security. Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...

OpenKM 6.3.2 6.3.7 - Remote Command Execution (Metasploit)

OpenKM 6.3.2 6.3.7 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...