48 matches found
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials WordPress plugin <= 3.0 contains a reflected cross-site scripting vulnerability caused by unsanitized parameter output, letting attackers execute scripts in the context of high-privilege users; exploitation requires the attacker to craft a malicious URL. id: CVE-2024-13114...
EUVD-2024-51225
Malicious code in bioql PyPI...
EUVD-2024-33708
Malicious code in bioql PyPI...
EUVD-2024-33985
Malicious code in bioql PyPI...
EUVD-2024-51261
Malicious code in bioql PyPI...
EUVD-2024-51229
Malicious code in bioql PyPI...
EUVD-2024-33974
Malicious code in bioql PyPI...
EUVD-2024-51206
Malicious code in bioql PyPI...
CVE-2024-12951
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /addpersonaldetails.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2024-12953
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /updatepdprocess.php. The manipulation of the argument profile leads to unrestricted upload. The attack may be...
CVE-2024-12954
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /updateach.php. The manipulation of the argument achcerty leads to unrestricted upload. It is possible to initiate the attack remotely. The...
CVE-2024-12965
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /updateexdetail.php. The manipulation of the argument q leads to SQL injection. The attack can be initiated remotely. The exploit h...
CVE-2024-12961
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /updateachdetails.php. The manipulation of the argument q leads to SQL injection. It is possible to launch the attack remotely. The exploi...
CVE-2024-12958
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /updateprodetails.php. The manipulation of the argument q leads to SQL injection. It is possible to initiate the attack remotely. The exploit has be...
CVE-2024-12942
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/adminlogin.php. The manipulation of the argument username/password leads to SQL injection. It is possible to launch the attack...
CVE-2024-12959
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /updatepersonaldetails.php. The manipulation of the argument q leads to SQL injection. The attack can be initiated remotely. The exploit has...
CVE-2024-11819
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgotpasswordprocess.php. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploi...
WordPress WP Projects Portfolio with Client Testimonials plugin <= 3.0 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Projects Portfolio versions <= 3.0...
WordPress WP Projects Portfolio with Client Testimonials plugin <= 3.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Projects Portfolio versions <= 3.0...
CVE-2024-13115
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...