4454 matches found
TileServer API - Cross Site Scripting
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...
WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abduljalal Saminu in WordPress Plugin SupportCandy versions = 3.4.8...
WordPress Dokan plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Dokan versions = 5.0.6...
WordPress Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin <= 1.26.12 - Authenticated (Admin+) Local File Inclusion vulnerability
Authenticated Admin+ Local File Inclusion vulnerability discovered by Rahul Sreenivasan Tr0j4n in WordPress Plugin Happyforms versions = 1.26.12...
WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Theme 777 versions = 1.13.0...
WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.11...
WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by she11f in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.13...
WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Cart Lift versions = 3.1.57...
WordPress Gift Vouchers plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by xwii in WordPress Plugin Gift Vouchers versions = 4.7.0...
WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...
WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Booking and Rental Manager versions = 2.6.9...
WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin GD Security Headers versions = 1.8...
PYSEC-2026-1309 Docassemble unauthorized access through URL manipulation
Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...
WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...
WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More plugin <= 2.2.0 - Other Vulnerability Type vulnerability
Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More versions = 2.2.0...
WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...
WordPress Leedo theme <= 3.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Leedo versions = 3.0.0...
WordPress Aalto theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aalto versions = 1.8...
WordPress Speaker plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by w41bu1 in WordPress Plugin Speaker versions = 4.1.13...
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...