323 matches found
CVE-2017-20124
The CVE-2017-20124 entry affects Online Hotel Booking System Pro Plugin 1.0, specifically the /front/roomtype-details.php file. The vulnerability stems from unsafely handling the tid argument, causing an SQL injection that can be triggered remotely. Public exploits have been disclosed (e.g., Expl...
CVE-2021-24961
The WordPress File Upload WordPress plugin before 4.16.3 and the wordpress-file-upload-pro WordPress plugin before 4.16.3 do not escape some of their shortcode arguments, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
WordPress Advanced Classifieds & Directory Pro plugin < 1.8.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Advanced Classifieds & Directory Pro plugin versions < 1.8.8. Solution: Update the WordPress Advanced Classifieds & Directory Pro plugin to the latest available version (at least 1.8.8)...
WordPress Station Pro plugin <= 2.2.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Station Pro plugin versions <= 2.2.4. Solution: No patched version available...
CVE-2021-36908
The CVE-2021-36908 affects WebFactory Ltd. WP Reset PRO plugin for WordPress, specifically versions
CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX actions, available to both unauthenticated and authenticated users, before using them in an SQL statement, leading to an...
capa 2.0: Better, Stronger, Faster
We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check...
WordPress code issue vulnerability (CNVD-2021-44308)
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in Business Hours Pro WordPress plugin version 5.5.0 and prior...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44304)
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Cooked Pro WordPress plugin versions prior to 1.7.5.6...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Cooked Pro WordPress plugin versions prior to 1.7.5.6...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51386)
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
PT-2020-15475 · Smartbear +2 · Readyapi Functional Testing Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.5 and earlier; ReadyAPI Functional Testing Plugin versions 1.5 and earlier; Jenkins versions prior to 2.236, including 2.235.x LTS. Description: The issue concerns the transmission of proje...
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...
Ultimate Membership Pro plugin <= 8.6 - Multiple Critical Vulnerabilities
Multiple Critical Vulnerabilities found by Noman Riffat in Ultimate Membership Pro plugin versions <= 8.6. Solution: Update the Ultimate Membership Pro plugin to the latest available version (at least 8.6.1)...
YARASAFE - Automatic Binary Function Similarity Checks with Yara
SAFE is a tool for creating binary function embeddings, developed by Massarelli L., Di Luna G.A., Petroni F., Querzoni L. and Baldoni R. You can use SAFE to create your function embeddings to use inside YARA rules. If you are interested, take a look at our research paper:...
CVE-2015-9499
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...
Code injection
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...
Cross site scripting
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS...