6 matches found
EUVD-2026-29049
ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
CVE-2026-6956
ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49829; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1f03fa341046; Credits: emad; Required privilege: Administrator...
WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Ultimate Posts Widget; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3977; Patch priority: Low; CVSS severity: Low (4.3); PSID: ecda45839866; Credits: WordFence...
WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Broken Access Control
Software: Ultimate Posts Widget; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0958; Patch priority: Low; CVSS severity: Low (4.3); PSID: 65c113fe970b; Credits: WordFence; Required...
PT-2022-23902 · Stealjs · Stealjs
Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4. Description: A Regular Expression Denial of Service (ReDoS) flaw was found in the input variable in main.js. This issue can cause a denial of service. Recommendations: For version 2.2.4, consider restricting the inpu...