7 matches found
CVE-2025-61837 Format Plugins | Heap-based Buffer Overflow (CWE-122)
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Demo Import security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-39106
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor component...
DP3T-Backend-SDK Data Forgery Issue Vulnerability
DP3T-Backend-SDK is a backend implementation of DP3T Decentralized Privacy Preserving Neighborhood Tracking. A security vulnerability exists in DP3T-Backend-SDK versions prior to 1.1.1. An attacker can exploit the vulnerability to bypass signature checking...
WordPress WHIZ plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system (CMS). A cross-site request forgery vulnerability in the WHIZ plugin for...
CVE-2004-2268
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php...