412 matches found
CVE-2024-11093 SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web...
CVE-2024-11093
CVE-2024-11093 concerns the WordPress plugin SG Helper (versions ≤ 1.0). The vulnerability is a Stored Cross‑Site Scripting via SVG file uploads, caused by insufficient input sanitization and output escaping. It requires authenticated access at Administrator level or higher, and can let the attac...
CVE-2024-9669
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2024-9669
The CVE-2024-9669 entry describes an Local JavaScript File Inclusion vulnerability in WordPress File Manager Pro – Filester plugin (versions
CVE-2024-11009
CVE-2024-11009 affects the WordPress plugin Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic), vulnerable to time-based SQL Injection via the post_id parameter in all versions up to and including 1.2.1. The flaw stems from insufficient escaping of the user-supplied...
CVE-2024-9461
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the croninterval parameter. This is due to missing input validation and sanitization. This makes it possible f...
CVE-2024-9461
CVE-2024-9461 affects the WordPress plugin “Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid.” All versions up to and including 1.16.6 are vulnerable to Remote Code Execution via the cron_interval parameter due to missing input validation/sanitization. Exploitation requir...
CVE-2024-9887
The Login using WordPress Users WP as SAML IDP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
CVE-2022-20652 Cisco Tetration Command Injection Vulnerability
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
CVE-2024-10038 WP-Strava <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2024-9874
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-9775 Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping. This makes it possible for authenticated...
CVE-2024-8512
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization function. This is due to the plugin passing user supplied input to eval. This makes it possible for authenticated...
CVE-2024-34537
TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...
CVE-2024-34537
TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...
CVE-2024-8392 WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.6 - Authenticated (Admin+) Local File Inclusion
The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.6 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and...
CVE-2024-8392
CVE-2024-8392 affects WordPress plugin “Sogrid” (Post Grid Layouts with Pagination) for WordPress. The vulnerability is a Local File Inclusion (LFI) via the tab parameter in all versions up to and including 1.5.2, requiring Administrator-level access or higher. This enables an authenticated attac...
CVE-2024-20472
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20471
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20472
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...