412 matches found
CVE-2024-7618
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-20478
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-6011
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-6669
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-12581
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-20473
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-0612
The Content Views – Post Grid, Slider, Accordion Gutenberg Blocks and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-0703
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8680
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6494
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2022-4619
The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2022-4697
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpusercoverdefaultimageurl’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
CVE-2020-6960
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch,...
CVE-2025-4477
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...
PT-2025-22341 · WordPress · The Glossary
Name of the Vulnerable Software and Affected Versions: The Glossary by WPPedia – Best Glossary plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the posttypes parameter. This allows...
CVE-2025-4477 TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...
CVE-2025-4477 TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...
CVE-2025-4477
CVE-2025-4477 concerns ThreatSonar Anti-Ransomware (TeamT5). Affected component is the API authorization/privilege management, where improper handling of specific API privileges allows remote attackers with intermediate privileges to escalate to administrator level via a particular API. Related e...
CVE-2025-2238 Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...