323 matches found
CVE-2022-47605 WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection (SQLi)
Auth. SQL Injection vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software: HappyFiles Pro; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25445; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 518a5cea4b57; Credits: Dave Jong Patchstack...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software: real-estate-pro; Type: Plugin; Vulnerable versions: < 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: a8f610e7b2fc; Credits: Omar Badran; Required privilege...
WordPress plugin directory-pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2018-25055
A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...
CVE-2018-25055 FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting
A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...
CVE-2018-25055
CVE-2018-25055 concerns FarCry Solr Pro Plugin (up to 1.5.x). The vulnerability lies in the Search Handler's packages/forms/solrProSearch.cfc and the manipulation of the suggestion argument, which enables cross-site scripting. It can be exploited remotely. Upgrading to version 1.6.0 addresses th...
CVE-2022-4161
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensiti...
PT-2022-25944 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1; Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1. Description: The issue arises from the failure to escape the cg option id POST parameter before it is concatenated to ...
CVE-2022-3900
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
CVE-2022-35501
Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...
PT-2022-22793
Name of the Vulnerable Software and Affected Versions: Testimonials WordPress plugin versions prior to 2.7; super-testimonial-pro WordPress plugin versions prior to 1.0.8. Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when the...
CVE-2022-42494 WordPress All in One SEO Pro plugin <= 4.2.5.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress...
WordPress WP ALL Export Pro plugin <= 1.7.8 - Authenticated Code Injection vulnerability
Authenticated Code Injection vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro plugin versions <= 1.7.8. Solution: Update the WordPress WP ALL Export Pro plugin to the latest available version (at least 1.7.9)...
CVE-2021-36855
CVE-2021-36855 affects the WordPress Booking Ultra Pro plugin versions 1.1.4 where available; Patchstack notes that no patched version may exist, while PT Security recommends updating or restricting access. Several feeds corroborate the vulnerability, but explicit exploit details are not provide...
CVE-2021-36854
CVE-2021-36854 affects WordPress Booking Ultra Pro plugin versions up to 1.1.4. The root cause is missing CSRF checks in multiple areas, enabling CSRF to trigger actions by authenticated users. Impact per sources is user action changes with potential confidentiality/integrity concerns; exploitati...
CVE-2021-36854 WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress...
CVE-2022-2391
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...
PT-2022-16328 · WordPress · Inspiro Pro
Name of the Vulnerable Software and Affected Versions: Inspiro PRO WordPress plugin, affected versions not specified. Description: The issue allows users with privileges as low as Contributor to inject JavaScript into the portfolio slider description due to a lack of sanitization. This can lead to...
SQL injection
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to SQL injection. It is possible to launch the attack remotely. The exploit has...