225 matches found
PT-2024-34757 · Unknown · Aajoda Testimonials
Name of the Vulnerable Software and Affected Versions: Aajoda Testimonials versions n/a through 2.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Aajoda Testimonials...
PT-2024-39647 · Zoho · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior Description: The issue concerns an authenticated SQL Injection in the reports module. Recommendations: For versions 5718 and prior, update to a version later than 5718 to...
PT-2024-32529 · Wpquads · Wp Quads Ads
Name of the Vulnerable Software and Affected Versions: WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads versions through 2.0.84 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...
PT-2024-32579 · Wpchill · Wpchill Strong Testimonials
Name of the Vulnerable Software and Affected Versions: WPChill Strong Testimonials versions 3.1.16 and earlier Description: A Missing Authorization vulnerability in WPChill Strong Testimonials allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
PT-2024-34237 · Wpdeveloper · Wpdeveloper Embedpress
Name of the Vulnerable Software and Affected Versions: WPDeveloper EmbedPress versions 4.0.14 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations:...
PT-2024-34263 · Unknown · Acnoo Flutter Api
Name of the Vulnerable Software and Affected Versions: Acnoo Flutter API versions 1.0.0 through 1.0.5 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access. This is a problem where the authentication process can be bypassed,...
PT-2024-33648 · WordPress · Wp Flow Plus
Name of the Vulnerable Software and Affected Versions: WP Flow Plus versions through 5.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For WP Flow Plu...
PT-2024-33448 · Digitally · Digitally
Name of the Vulnerable Software and Affected Versions: Digitally versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions 1.0.8...
PT-2024-39608 · WordPress · Parcel Pro
Name of the Vulnerable Software and Affected Versions: Parcel Pro plugin for WordPress versions up to, and including, 1.8.4 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inje...
PT-2024-7119 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.0.3 and earlier Description: The issue is caused by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...
PT-2024-32522 · Unknown · Ari Fancy Lightbox
Name of the Vulnerable Software and Affected Versions: ARI Fancy Lightbox versions 1.3.17 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...
PT-2024-32542 · Elementor · Elementsready Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions n/a through 6.4.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
PT-2024-32553 · WordPress · Wp Mail Catcher
Name of the Vulnerable Software and Affected Versions: WP Mail Catcher versions through 2.1.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions...
PT-2024-30902 · Unknown · Temegum Gum Elementor Addon
Name of the Vulnerable Software and Affected Versions: TemeGUM Gum Elementor Addon versions 1.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
PT-2024-38806 · WordPress · Slider Revolution
Name of the Vulnerable Software and Affected Versions: Slider Revolution plugin for WordPress versions up to, and including, 6.7.18 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-39558 · WordPress · Locateandfilter Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: LocateAndFilter plugin for WordPress versions up to, and including, 1.6.14 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-31643 · Peter Hardy Vandoorn · Maintenance Redirect
Name of the Vulnerable Software and Affected Versions: Peter Hardy-vanDoorn Maintenance Redirect versions n/a through 2.0.1 Description: The issue is related to an Authentication Bypass by Spoofing vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables...
PT-2024-18158 · WordPress · Ninja Forms - File Uploads
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads plugin for WordPress versions up to, and including, 3.3.16 Description: The issue is a Stored Cross-Site Scripting vulnerability via an uploaded file, such as an RTX file, due to insufficient input sanitization and...
PT-2024-30406 · Eyecix · Eyecix Jobsearch
Name of the Vulnerable Software and Affected Versions: eyecix JobSearch versions n/a through 2.3.4 Description: The issue is related to improper privilege management, allowing privilege escalation. This problem affects eyecix JobSearch, enabling unauthorized access to sensitive data and potential...
PT-2024-38312 · WordPress · Linkify Text
Name of the Vulnerable Software and Affected Versions: Linkify Text plugin for WordPress versions up to and including 1.9.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors enabled. This allows...