15 matches found
EUVD-2021-11636
Malware in sbrugna...
EUVD-2020-30792
Malware in sbrugna...
EUVD-2024-31932
Malicious code in bioql PyPI...
WordPress plugin Restaurant Menu by MotoPress 跨站请求伪造漏洞
WordPress Restaurant Menu by MotoPress is a menu plugin designed for the restaurant industry that supports free downloads and can be enhanced by adding paid extensions. WordPress Restaurant Menu by MotoPress has a cross-site request forgery vulnerability, the vulnerability stems from the WEB...
CVE-2023-28498
Cross-Site Request Forgery CSRF vulnerability in MotoPress Hotel Booking Lite plugin = 4.6.0 versions...
CVE-2021-24722
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24724
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.4...
CVE-2025-30846 WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows PHP Local File Inclusion.This issue affects Restaurant Menu by MotoPress: from n/a through = 2.4.4...
CVE-2024-3342
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
PT-2024-10850 · Motopress · The Timetable/Event Schedule By Motopress
Name of the Vulnerable Software and Affected Versions: The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.3.8 Description: The issue is related to a missing capability check on the wp ajax route url function called via a nopriv AJAX action. This...
CVE-2024-3342 Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2021-24722
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin MotoPress, which stems from the fact that...