266 matches found
WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DB Tables Import/Export versions = 1.0.1...
CVE-2025-22539
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through = 2.1.34...
CVE-2025-22539
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through = 2.1.34...
CVE-2025-22539 WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through = 2.1.34...
CVE-2025-22539 WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through 2.1.34...
CVE-2025-22539
CVE-2025-22539 affects the ka2 Custom DataBase Tables WordPress plugin. The connected document details a Reflected Cross-Site Scripting vulnerability caused by improper neutralization of input during web page generation. The issue affects Custom DataBase Tables versions from n/a up to 2.1.34. The...
WordPress plugin Custom DataBase Tables 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Custom DataBase Tables versions = 2.1.34...
UIOMatic 注入漏洞
UIOMatic is a tool by Tim Geyssens personal developer. It automatically generates an integrated crud UI for npoco poco based db tables. An injection vulnerability exists in UIOMatic version 5, which stems from the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r that can lead to S...
CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...
CVE-2024-51992
The CVE-2024-51992 issue affects Orchid Platform versions 8 through 14.42.x and stems from a method exposure vulnerability in the platform’s asynchronous modal functionality. The root cause is exposing dangerous methods within the Screen class, enabling an attacker to call arbitrary methods. Clai...
ZOHO ManageEngine ADAudit Plus 安全漏洞
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...
CVE-2024-7032
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...
CVE-2024-7032
CVE-2024-7032 affects the WordPress plugin Smart Online Order for Clover . The vulnerability is a missing authorization check in the function moo_deactivateAndClean , present in all versions up to and including 1.5.6, which could allow unauthenticated attackers to deactivate the plugin and drop a...
CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...
Pimcore 安全漏洞
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates applications for Web content management, e-commerce frameworks and product information management. A security vulnerability exists in...
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
Multiple content management system CMS platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...
CVE-2024-31459
CVE-2024-31459 affects Cacti prior to version 1.2.27 and describes a file inclusion in lib/plugin.php where data from plugin_hooks and plugin_config tables is concatenated into a file path for inclusion. When paired with SQL injection weaknesses, this can enable remote code execution. Connected a...
Beekeeper Studio 安全漏洞
Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac and Windows. A security vulnerability exists in Beekeeper Studio version 4.1.13 and prior versions. A remote attacker can exploit this vulnerability to...
BIT-PHPMYADMIN-2020-10803
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results in tblgetfield.php and libraries/classes/Display/Results.php. The attacker must be able to insert...