62 matches found
CVE-2022-0232
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...
EUVD-2021-25710
Malware in sbrugna...
EUVD-2021-25693
Malware in sbrugna...
EUVD-2025-4577
Malicious code in bioql PyPI...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2019-6616
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode...
CVE-2025-1309
CVE-2025-1309 affects UiPress lite for WordPress. A missing capability check in uip_save_form_as_option() in all versions up to 3.5.04 allows authenticated users with Subscriber-level access or higher to modify arbitrary options, enabling privilege escalation (e.g., changing the default registrat...
CVE-2024-9193 WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...
CVE-2024-34521
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...
CVE-2024-12155
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settingsimport function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to...
CVE-2024-10589
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...
CVE-2024-11194
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtclimportsettings' function in all versions up to, and including, 3.1.15.1. This...
CVE-2024-11194
CVE-2024-11194 affects the WordPress plugin Classified Listing – Classified ads & Business Directory Plugin (versions
CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...
CVE-2024-9235
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2024-9235 Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2024-6447
The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related...
Cross site scripting
The Google Tag Manager for WordPress GTM4WP plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the /public/frontend.php file which allowed attackers with administrative user access to inject arbitrary web...
CVE-2022-0210
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...
CVE-2022-0210 Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...