81 matches found
CVE-2024-54285
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10...
CVE-2024-8750
Cross-site Scripting XSS vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters id,lang,mNavID,name,pID,treeNode,type,view...
PT-2024-31626 · Unknown · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields versions 6.3.5 and earlier Advanced Custom Fields Pro versions 6.3.5 and earlier Description: A cross-site scripting issue exists, allowing an attacker with the capability setting privilege to store an arbitrary script ...
CVE-2024-5426
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-2324 FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...
CVE-2024-2324
CVE-2024-2324 affects the FileOrganizer – Manage WordPress and Website Files WordPress plugin. It is vulnerable to stored cross-site scripting via SVG file uploads in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping. Exploitation requires authentication. The...
CVE-2024-2324
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...
FileOrganizer and FileOrganizer Pro < 1.0.7 - Authenticated Stored Cross-Site Scripting
Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2023-6825
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...
CVE-2023-6825 File Manager And File Manager Pro (Multiple Versions) - Directory Traversal
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...
CVE-2023-6632
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 versions up to 2.9.1.1 in Happy Addons for Elementor Pro due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-6158
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
Overview WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Ryotaro Imamura of SB Technology Corp. and Satoo Nakano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Emlog 代码问题漏洞
Emlog is a PHP and MySQL based CMS website builder by the individual developers of Emlog. A code issue vulnerability exists in Emlog Pro version 1.6.0 that stems from a remote code execution issue...
Easy Testimonials < 3.9 - Reflected Cross-Site Scripting
The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting With the pro version installed and when consent hasn't been given yet:...
Easy Testimonials < 3.9 - Reflected Cross-Site Scripting
The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting PoC With the pro version installed and when consent hasn't been given yet:...
Emlog 跨站脚本漏洞
Emlog is a PHP and MySQL based CMS website building system. A security vulnerability exists in Emlog Pro version 1.2.2 and earlier, which can be exploited by a registered and logged-in attacker to launch cross-site scripting attacks...
CVE-2022-23450
A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the...
Qnap Qvr缓冲区错误漏洞
Qnap Qvr is a Qnap monitoring system control center from China Welllink Technology Qnap, Inc. A buffer overflow vulnerability exists in several QVR products, which stems from a stack buffer overflow vulnerability that affects QNAP devices running QVR Elite, QVR Pro, and QVR Guard. An attacker cou...
Qnap Qvr缓冲区错误漏洞
Qnap Qvr is a Qnap monitoring system control center from China Welllink Technology Qnap, Inc. A security vulnerability exists in several QVR products, stemming from a stack buffer overflow vulnerability that affects QNAP devices running QVR Elite, QVR Pro, and QVR Guard. An attacker could exploit...