WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via DisplayFAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVE-2026-7107

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...

MAL-2025-7107 Malicious code in @azl-react-components/molecules (npm)

The package @azl-react-components/molecules was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

Ubuntu: Security Advisory (USN-7107-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : zlib vulnerability (USN-7107-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7107-1 advisory. It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or...

Adobe InDesign 14.0.0 < 14.0.2 Arbitrary Code Execution (APSB19-23) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 14.0.2. It is, therefore, affected by a vulnerability as referenced in the APSB19-23 advisory. - Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could...

CVE-2024-7107

creationtimestamp| type| source ---|---|--- 2024-09-26 14:39:09+00:00| seen| https://t.me/cvedetector/6410...

CVE-2024-7107

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253...

CVE-2024-7107 Directory Traversal in National Keep's CyberMath

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253...

Malicious code in wlwz-2312-7107 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6d001df2b866bc79619e83700f49d803d47db50f59e0d1a6928673dbf1e39dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-7107

creationtimestamp| type| source ---|---|--- 2024-01-19 09:16:31+00:00| seen| https://t.me/ctinow/170111...

CVE-2023-7107

CVE-2023-7107 affects code-projects E-Commerce Website 1.0, exploiting SQL injection in the file user_signup.php. The vulnerability targets the parameters firstname, middlename, email, address, contact, and username, enabling remote manipulation of SQL queries. Impact is described with high conce...

CVE-2023-7107 code-projects E-Commerce Website user_signup.php sql injection

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file usersignup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attac...

SUSE CVE-2013-7107

Cross-site request forgery CSRF vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106...

CVE-2020-7107

The WordPress plugin Ultimate FAQ (WordPress plugin) prior to version 1.8.30 is vulnerable to Cross-Site Scripting (XSS) via the Display_FAQ parameter routed through Shortcodes/DisplayFAQs.php. The issue stems from insufficient sanitization of the Display_FAQ GET parameter, enabling an attacker t...

CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...

CVE-2019-7107

creationtimestamp| type| source ---|---|--- 2019-05-23 16:48:29+00:00| seen| https://t.me/cvemitreorg/205...

CVE-2019-7107

Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2...

CVE-2019-7107

Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2...