6 matches found
CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...
WP Statistics < 14.0 - Authenticated SQLi
The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. Log...
Magmi XSS Vulnerability
A Cross-Site Scripting XSS was discovered in Magmi 0.7.22. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the...
CVE-2021-40542
Opensis-Classic Version 8.0 is affected by cross-site scripting XSS. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...
vosgesemoi.fr Improper Access Control vulnerability
Open Bug Bounty ID: OBB-635275 Description| Value ---|--- Affected Website:| vosgesemoi.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities
Context allows you to manage contextual conditions and reactions for different portions of your site This advisory covers two separate issues. Arbitrary PHP Code Execution The first, and more severe issue Highly Critical status, is that the module allows execution of PHP code via manipulation of ...