AccessAlly <3.5.7 - Sensitive Information Leakage

WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" which is responsible for the accessallyorderform shortcode dumps serialize$SERVER, which contains all environment variables. The leakage occurs on all...

CVE-2020-36875

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

CVE-2020-36875

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

CVE-2020-36875

AccessAlly WordPress plugin

CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

CVE-2024-34796

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

PT-2026-1686

Name of the Vulnerable Software and Affected Versions AccessAlly versions prior to 3.3.2 Description The AccessAlly WordPress plugin contains a flaw where the login error parameter in the Login Widget is treated as PHP code. This allows a remote attacker to execute arbitrary PHP code within the...

WordPress plugin AccessAlly 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2024-35062

Malicious code in bioql PyPI...

EUVD-2024-21015

Malicious code in bioql PyPI...

EUVD-2024-31355

Malicious code in bioql PyPI...

CVE-2024-33639

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

CVE-2024-23520

Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0...

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize$SERVER, which contains all environment variables. The leakage occurs on all public facing pages containing the...

CVE-2024-34796

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

CVE-2024-34796

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

CVE-2024-34796 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

CVE-2024-34796 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

PT-2024-26191 · Unknown · Accessally Popupally

Name of the Vulnerable Software and Affected Versions: AccessAlly PopupAlly versions n/a through 2.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This could potentially compromi...