643 matches found
WordPress WP Affiliate Platform plugin < 6.5.1 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions < 6.5.1...
WordPress Seriously Simple Podcasting plugin < 3.3.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Thanh Hang in WordPress Plugin Seriously Simple Podcasting versions < 3.3.0...
Loan Management System SQL Injection Vulnerability
Loan Management System is a loan management system by razormist Personal Developer. A SQL injection vulnerability exists in itsourcecode Loan Management System version 1.0, which is caused by an unknown function in login.php in the component Login, which leads to SQL injection via the parameter...
WordPress Divi theme <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Theme Divi versions <= 4.25.1...
RockOA Cross-Site Scripting Vulnerability
RockOA Xinhu is an open source office OA system. A cross-site scripting vulnerability exists in Xinhu RockOA v2.6.3, which originates from a cross-site scripting vulnerability in the num parameter on /flow/flow.php...
RHEL 6 : a2ps (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - a2ps: outputfile format string flaw CVE-2015-8107 - The fixps script in a2ps 4.14 does not use the -dSAFE...
WordPress Media Library Assistant plugin <= 3.15 - Reflected Cross-Site Scripting via lang vulnerability
Reflected Cross-Site Scripting via lang vulnerability discovered by Le Ngoc Anh in WordPress Plugin Media Library Assistant versions <= 3.15...
PT-2024-25267 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-4634
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfesvgmimetypes’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-35300
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible...
PT-2024-25946 · Achecker · Achecker
Name of the Vulnerable Software and Affected Versions: AChecker version 1.5 Description: The issue allows remote attackers to read the contents of arbitrary files via the "download.php" path parameter by using Unauthenticated Path Traversal. This occurs through the readfile function in PHP. It is...
WordPress Folders Pro plugin <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via User First Name and Last Name vulnerability discovered by mike harris in WordPress Plugin Folders versions <= 3.0.2...
WordPress Mhr Post Ticker plugin <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin Mhr Post Ticker versions <= 1.1...
RageFrame2 Security Vulnerability
rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could...
CVE-2024-2736
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-1571
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...
Wondershare Filmora Security Vulnerability
Wondershare Filmora is a frequency editor from Wondershare. A security vulnerability exists in Wondershare Filmora version v.13.0.51, which stems from the presence of an insecure privilege vulnerability that allows a local attacker to execute arbitrary code via a crafted WSNativePushService.exe...
CandyCMS Security Vulnerability
CandyCMS is a simple PHP CMS open-sourced by Stephen Radford. A security vulnerability exists in CandyCMS version 1.0.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the install.php component...
WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box and Testimonial vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Box and Testimonial vulnerability discovered by Nikolas in WordPress Plugin Jeg Elementor Kit versions <= 2.6.3...
WordPress Plugin Ultimate Addons for Beaver Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...