95 matches found
CVE-2023-3410
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
PT-2024-38455 · Peepso · The Community By Peepso
Name of the Vulnerable Software and Affected Versions: The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the content parameter due to insufficient input sanitization and output escaping. This...
CVE-2024-8016
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...
PT-2024-37686 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...
PT-2024-37278 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw in the LDAP testing endpoint allows an attacker with admin access to change the LDAP host URL to a machine they control, potentially leaking domain credentials. This can be achieved...
CVE-2024-3067
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
PT-2024-19630 · 10Web · The Photo Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.21 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization...
PT-2024-22937 · WordPress · The Simple Ajax Chat
Name of the Vulnerable Software and Affected Versions: The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress versions up to, and including, 20231101 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...
CVE-2023-7167
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2024-14831 · WordPress · Backwpup
Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...
CVE-2024-1776
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
PT-2024-20760 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: The plaintext val...
CVE-2024-0668
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...
PT-2024-15730 · WordPress · Meks Smart Social Widget
Name of the Vulnerable Software and Affected Versions: Meks Smart Social Widget plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the Meks Smart Social Widget, caused by insufficient input sanitization and output escapin...
CVE-2023-5120
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2023-44265
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Popup contact form plugin = 7.1 versions...
CVE-2023-36530
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
CVE-2023-34170
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin = 3.5.7 versions...
CVE-2023-25963
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JoomSky JS Job Manager plugin = 2.0.0 versions...