Lucene search
7442 matches found

CNNVD
added 2024/08/06 12:0 a.m. | 4 views

PayPal,Credit Card and Debit Card Payment SQL Injection Vulnerability

PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe individual developer. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...

CVSS 9.8 | AI score 7.5 | EPSS 0.00461
Exploits: 0 | References: 2

Patchstack
added 2024/08/05 12:0 a.m. | 7 views

WordPress File Manager Pro Plugin <= 1.8.2 is vulnerable to Settings Change

Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 1.8.2; Fixed in: 1.8.3; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-7031; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: dd2b25032f95; Credits: bart; Required privilege: Subscriber...

CVSS 8.8 | AI score 6.6 | EPSS 0.00624
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/05 12:0 a.m. | 12 views

WordPress UsersWP Plugin < 1.2.12 is vulnerable to Sensitive Data Exposure

Software: UsersWP; Type: Plugin; Vulnerable versions: < 1.2.12; Fixed in: 1.2.12; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6477; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 23cb0cdd0abd; Credits: Majdeddine Ben Hadj Brahim; Require...

CVSS 7.5 | AI score 6.6 | EPSS 0.00575
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/05 12:0 a.m. | 8 views

WordPress collectchat Plugin < 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software: collectchat; Type: Plugin; Vulnerable versions: < 2.4.4; Fixed in: 2.4.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6498; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 0dd324fc130c; Credits: Fourcade; Required privilege...

CVSS 4.8 | AI score 5.8 | EPSS 0.00313
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/08/05 12:0 a.m. | 10 views

WordPress Horizontal scrolling announcements Plugin <= 2.4 is vulnerable to SQL Injection

Software: Horizontal scrolling announcements; Type: Plugin; Vulnerable versions: <= 2.4; Fixed in: 2.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5000; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: a1ff35c414c3; Credits: István Márton; Required privilege...

CVSS 8.8 | AI score 6.9 | EPSS 0.00613
Exploits: 0 | References: 3 | Affected Software: 1

The Hacker News
added 2024/08/01 1:32 p.m. | 19 views

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer Q&A platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining...

AI score 7.3
Exploits: 0

Patchstack
added 2024/08/01 12:0 a.m. | 6 views

WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.77 is vulnerable to Cross Site Scripting (XSS)

Software: LiquidPoll – Advanced Polls for Creators and Brands; Type: Plugin; Vulnerable versions: <= 3.3.77; Fixed in: 3.3.78; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-39655; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: a190a4c0c44f...

CVSS 6.5 | AI score 6.6 | EPSS 0.0036
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 18 views

WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication

Software: Filter & Grids; Type: Plugin; Vulnerable versions: <= 2.8.33; Fixed in: 2.8.34; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-39664; Patch priority: High; CVSS severity: High 7.3; Developer: Claim ownership; PSID: bac0e0da8bce; Credits: RE-ALTER; Required privileg...

CVSS 7.3 | AI score 6.3 | EPSS 0.00399
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 14 views

WordPress Easy Digital Downloads Plugin <= 3.2.12 is vulnerable to SQL Injection

Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.2.12; Fixed in: 3.3.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-5057; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 19506d17360a; Credits: justakazh; Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.02588
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 13 views

WordPress Essential Addons for Elementor Plugin <= 5.9.26 is vulnerable to Cross Site Scripting (XSS)

Software: Essential Addons for Elementor; Type: Plugin; Vulnerable versions: <= 5.9.26; Fixed in: 5.9.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-39649; Patch priority: Low; CVSS severity: Low 6.5; Developer: WPDeveloper; PSID: a786e5c76954; Credits: wcraft; Required privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.00279
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 12 views

WordPress Message Filter for Contact Form 7 Plugin <= 1.6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Message Filter for Contact Form 7; Type: Plugin; Vulnerable versions: <= 1.6.1.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-39647; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Kofi Mokome; PSID: 433c6253b9cb; Credits: Dimas Maulana...

CVSS 7.1 | AI score 6.6 | EPSS 0.00256
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 8 views

WordPress Filter & Grids Plugin <= 2.9.2 is vulnerable to Cross Site Scripting (XSS)

Software: Filter & Grids; Type: Plugin; Vulnerable versions: <= 2.9.2; Fixed in: 2.9.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-39665; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4cff851eecee; Credits: RE-ALTER; Required privilege: Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00273
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 11 views

WordPress Ultimate Classified Listings Plugin < 1.4 is vulnerable to Cross Site Scripting (XSS)

Software: Ultimate Classified Listings; Type: Plugin; Vulnerable versions: < 1.4; Fixed in: 1.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6529; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 1fa83322914e; Credits: Erwan LR...

CVSS 7.1 | AI score 5.9 | EPSS 0.00892
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 16 views

WordPress Sign-up Sheets Plugin <= 2.2.12 is vulnerable to Broken Access Control

Software: Sign-up Sheets; Type: Plugin; Vulnerable versions: <= 2.2.12; Fixed in: 2.2.13; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-39654; Patch priority: Low; CVSS severity: Low 5.3; Developer: Fetch Designs; PSID: bf5384db048d; Credits: Joshua Chan; Required privilege...

CVSS 5.3 | AI score 6.3 | EPSS 0.0035
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 14 views

WordPress VikRentCar Plugin <= 1.4.0 is vulnerable to SQL Injection

Software: VikRentCar; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: 1.4.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-39653; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 3c514657eb13; Credits: justakazh; Required privilege: Unauthenticated; Publish...

CVSS 9.8 | AI score 6.8 | EPSS 0.00458
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/07/31 12:0 a.m. | 3 views

Establishment Billing Management System SQL Injection Vulnerability

Establishment Billing Management System is a billing management system by oretnom23 Individual Developer. An SQL injection vulnerability exists in the Establishment Billing Management System version 1.0, which stems from an incorrect operation of the username parameter that can lead to sql...

CVSS 9.8 | AI score 8 | EPSS 0.00646
Exploits: 1 | References: 5

Positive Technologies
added 2024/07/31 12:0 a.m. | 2 views

PT-2024-06: Reading arbitrary files in the component Web IDE in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.4 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to read source code files of other users' projects. Exploitation of the vulnerability requires authorization of the...

CVSS 8.4 | AI score 7.3
Exploits: 0 | References: 1

Patchstack
added 2024/07/31 12:0 a.m. | 7 views

WordPress WANotifier Plugin < 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: WANotifier; Type: Plugin; Vulnerable versions: < 2.6.1; Fixed in: 2.6.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6165; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: c1bd8e60c4cb; Credits: Bob Matyas; Required privilege...

CVSS 4.8 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2024/07/31 12:0 a.m. | 3 views

Establishment Billing Management System SQL Injection Vulnerability

Establishment Billing Management System is a billing management system by oretnom23 Individual Developer. An SQL injection vulnerability exists in the Establishment Billing Management System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to sql injection...

CVSS 8.8 | AI score 7.3 | EPSS 0.00532
Exploits: 1 | References: 5

Patchstack
added 2024/07/31 12:0 a.m. | 11 views

WordPress HTML Forms Plugin < 1.3.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software: HTML Forms; Type: Plugin; Vulnerable versions: < 1.3.34; Fixed in: 1.3.34; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-6412; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 512deb690c57; Credits: Bob Matyas; Required...

CVSS 6.5 | AI score 6.7 | EPSS 0.00253
Exploits: 1 | References: 4 | Affected Software: 1