19 matches found

RedhatCVE
added 2026/01/09 10:44 a.m. · 5 views

CVE-2022-0590

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.9 · EPSS 0.00282
Exploits 2 · References 1
Positive Technologies
added 2026/01/09 12:00 a.m. · 3 views

PT-2026-1755

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 9.1.8. Description: The NEX-Forms WordPress plugin does not properly sanitise and escape certain settings. This configuration can allow subscribers to execute Stored Cross-Site Scripting attacks...

CVSS 6.8 · AI score 5.7 · EPSS 0.00073
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-11566

Malware in sbrugna...

CVSS 5.4 · AI score 5.4 · EPSS 0.00503
Exploits 3 · References 2
RedhatCVE
added 2025/05/22 7:24 p.m. · 4 views

CVE-2021-24995

The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.9 · EPSS 0.00206
Exploits 2 · References 1
OSV
added 2024/02/12 4:15 p.m. · 0 views

CVE-2024-0566

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1
OSV
added 2023/11/28 7:15 a.m. · 19 views

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via upload of an .htaccess file. This vulnerability may be exploited ...

CVSS 9.8 · AI score 10 · EPSS 0.02987
Exploits 1 · References 3
NVD
added 2023/11/28 7:15 a.m. · 25 views

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via upload of an .htaccess file. This vulnerability may be exploited ...

CVSS 9.8 · EPSS 0.02987
Exploits 1 · References 3
Prion
added 2023/11/28 7:15 a.m. · 17 views

Design/Logic Flaw

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via upload of an .htaccess file. This vulnerability may be exploited ...

CVSS 7.5 · AI score 9.9 · EPSS 0.04611
Exploits 3 · References 3 · Affected Software 1
Positive Technologies
added 2023/11/20 12:00 a.m. · 4 views

PT-2023-31808 · WordPress · Bonus For Woo

Name of the Vulnerable Software and Affected Versions: Bonus for Woo WordPress plugin versions prior to 5.8.3. Description: The issue is related to Reflected Cross-Site Scripting, which occurs because some parameters are not properly sanitised and escaped before being output back in pages. This...

CVSS 6.1 · AI score 6.7 · EPSS 0.00117
Exploits 2 · References 3
VulnCheck KEV
added 2023/11/13 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2022-4050

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

CVSS 9.8 · AI score 7.4 · EPSS 0.77249
Exploits 2 · References 1
Positive Technologies
added 2023/04/17 12:00 a.m. · 4 views

PT-2023-17011 · WordPress · The Slider

Name of the Vulnerable Software and Affected Versions: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin version 3.29.0. Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users such as admin. This occurs because the plugi...

CVSS 6.1 · AI score 6.2 · EPSS 0.00199
Exploits 2 · References 7
OSV
added 2023/01/16 4:15 p.m. · 0 views

CVE-2022-4547

The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 2
OSV
added 2022/11/07 10:15 a.m. · 0 views

CVE-2022-3481

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.47991
Exploits 2 · References 1
OSV
added 2022/05/23 8:16 a.m. · 0 views

CVE-2022-1268

The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
Hacker One
added 2022/01/03 11:18 p.m. · 33 views

8x8: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The researcher found a possible HTML injection in one of our demo system webpages caused by improper sanitisation of input data. The issue was swiftly resolved...

AI score 1.1
Exploits 0
Exploit DB
added 2021/10/04 12:00 a.m. · 382 views

Lodging Reservation Management System 1.0 - Authentication Bypass

Exploit Title: Lodging Reservation Management System 1.0 - Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...

AI score 7.4
Exploits 0
Exploit DB
added 2021/10/01 12:00 a.m. · 291 views

Blood Bank System 1.0 - Authentication Bypass

Exploit Title: Blood Bank System 1.0 - Authentication Bypass Date: 30-9-2021 Exploit Author: Nitin Sharma vidvansh Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code/ Software Link : https://download.code-projects.org/details/f44a4ba9-bc33-48c3-b030-02f62117d230 Version...

AI score 7.4
Exploits 0
Prion
added 2021/04/22 9:15 p.m. · 12 views

Cross-site scripting

The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...

CVSS 4.3 · AI score 6.1 · EPSS 0.07769
Exploits 3 · References 3 · Affected Software 1
OpenVAS
added 2008/09/02 12:00 a.m. · 18 views

dotProject Multiple XSS and SQLi Vulnerabilities

dotProject is prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CVSS 4.3 · AI score 7 · EPSS 0.00285
Exploits 1 · References 3