29 matches found
CVE-2024-3067
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
ABB Cylon Aspect 3.08.03 webServerDeviceLabelUpdate.php Denial of Service Vulnerability
ABB Cylon Aspect version 3.08.03 suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the deviceLabel POST parameter to write arbitrary content to a fixed file...
CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...
CVE-2024-22067
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
CVE-2023-2439
The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
SA-2023-08-08-CVE-2023-35083
SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35083 Full details. Please log into the...
CVE-2023-2304 Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2022-4207
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...
Fortinet FortiMail Buffer Overflow Vulnerability
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. A buffer overflow vulnerability exists in Fortinet FortiMail, which stems from a buffer size miscalculation in multiple instances. An...