PT-2025-38114

Name of the Vulnerable Software and Affected Versions Quiz Maker plugin for WordPress versions prior to 6.7.0.57 Description The Quiz Maker plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of user-supplied data and inadequate preparation of existing SQL queries...

SUSE CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

PT-2023-32239 · WordPress · Wassup Real Time Analytics

Name of the Vulnerable Software and Affected Versions: WassUp Real Time Analytics WordPress plugin versions 1.9.4.5 and earlier Description: The issue allows unauthenticated users to perform Stored XSS attacks against logged in admins. This is due to the plugin not escaping IP address provided vi...

CVE-2023-5538

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

DEBIAN-CVE-2016-8666

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a...