75 matches found
WordPress DigitalOcean Spaces Sync plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin DigitalOcean Spaces Sync versions <= 2.2.1...
WordPress Inspectlet – User Session Recording and Heatmaps plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin Inspectlet – User Session Recording and Heatmaps versions <= 2.0...
WordPress EC Stars Rating plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin EC Stars Rating versions <= 1.0.11...
CVE-2025-5927
The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteentryfiles function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2023-3023
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-23981
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...
UBUNTU-CVE-2025-21806
In the Linux kernel, the following vulnerability has been resolved: net: let net.core.dev_weight always be non-zero. The following problem was encountered during stability test: NULL netdevice: NAPI poll function process_backlog+0x0/0x530 \ returned 1, exceeding its budget of 0. ------------ cut her...
PT-2024-40087 · Unknown +1 · Phpspreadsheet +1
Name of the Vulnerable Software and Affected Versions: Kimai versions affected versions not specified PHPSpreadsheet versions affected versions not specified Description: The issue is related to an XXE vulnerability in PHPSpreadsheet, which is used by Kimai for importing and exporting invoices...
GHSA-G627-R579-RW35 Apache Pulsar: Improper Authorization For Topic-Level Policy Management
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...
PT-2023-30239 · WordPress · Slick Popup: Contact Form 7 Popup Plugin
Name of the Vulnerable Software and Affected Versions: Slick Popup: Contact Form 7 Popup Plugin versions prior to 1.7.15 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. This vulnerability can be...
PT-2023-23706 · WordPress · Radical Web Design Gdpr Cookie Consent Notice Box Plugin
Name of the Vulnerable Software and Affected Versions: Radical Web Design GDPR Cookie Consent Notice Box plugin versions 1.1.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability requires authentication with admin or higher...
CVE-2023-32292
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GetButton Chat Button by GetButton.Io plugin = 1.8.9.4 versions...
CVE-2023-35833
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be reentered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the...
CVE-2023-3369
The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
PT-2023-21710 · Unknown · Modern Footnotes
Name of the Vulnerable Software and Affected Versions: Modern Footnotes plugin versions prior to 1.4.16 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 1.4.16,...
PT-2023-21853 · Unknown · Cyberus Key
Name of the Vulnerable Software and Affected Versions: Cyberus Key plugin versions prior to 1.1 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 1.1, update to...
PT-2023-20391 · Unknown · Design Extreme We’Re Open!
Name of the Vulnerable Software and Affected Versions: Design Extreme We’re Open! plugin versions 1.46 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Design Extreme We’re...
PT-2023-15313 · Unknown · Wsb Brands
Name of the Vulnerable Software and Affected Versions: WSB Brands plugin versions prior to 1.1.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 1.1.8, update ...
PT-2023-14546 · Unknown · Yannick Lefebvre Community Events
Name of the Vulnerable Software and Affected Versions: Yannick Lefebvre Community Events plugin versions = 1.4.8 Description: The issue is related to a Stored Cross-Site Scripting vulnerability that requires authentication with admin+ privileges. Recommendations: For versions = 1.4.8, update to a...
Vulnerabilities fixed in pfSense
Netgate has fixed vulnerabilities in pfSense. The vulnerabilities marked CVE-2022-26019, CVE-2021-41282 and CVE-2022-24299 allow a malicious party to execute arbitrary code or cause a denial-of-service. To exploit these vulnerabilities requires administrator privileges on the vulnerable device...