CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress plugin Download Manager 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...

WordPress WP Simple Pay Lite Manager Plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WP Simple Pay Lite Manager versions = 1.4...

CVE-2023-50373 WordPress Alt Manager plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPSAAD Alt Manager alt-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alt Manager: from n/a through = 1.6.1...

WordPress plugin Alt Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin JS Job Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WP Project Manager plugin <= 2.6.26 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Joshua Martinelle in WordPress Plugin WP Project Manager versions = 2.6.26...

WordPress plugin WP User Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-10520

CVE-2024-10520 (WP Project Manager, WordPress) The WP Project Manager plugin (v2.6.14 and earlier) is vulnerable to unauthorized data modification due to a missing capability check in Create_Milestone, Create_Task_List, Create_Task, and Delete_Task. This allows unauthenticated remote actors to cr...

WordPress plugin WP Project Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-39017 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.3.00 Description: The issue is related to the Download Manager WordPress plugin, where some shortcode parameters are not properly sanitized, leading to cross-site scripting. Recommendation...

WordPress plugin Download Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Smart Manager Plugin <= 8.45.0 is vulnerable to Broken Access Control

Software Smart Manager Type Plugin Vulnerable versions = 8.45.0 Fixed in 8.46.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49687 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4f61d787da04 Credits Ananda Dhakal Patchstack...

WordPress MAS Companies For WP Job Manager plugin <= 1.0.13 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin MAS Companies For WP Job Manager versions = 1.0.13...

VulnCheck KEV: CVE-2018-25105

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary...

WordPress plugin GDPR-Extensions-com-Consent Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress House Manager plugin <= 1.0.8.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin House Manager versions = 1.0.8.4...

CVE-2024-3973

The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress House Manager Plugin <= 1.0.8.4 is vulnerable to Cross Site Scripting (XSS)

Software House Manager Type Plugin Vulnerable versions = 1.0.8.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3973 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf2e1703476c Credits Bob Matyas Required...

WordPress Zephyr Project Manager plugin < 3.3.99 - Editor+ stored XSS vulnerability

Editor+ stored XSS vulnerability discovered by Adrian Peña Barragan in WordPress Plugin Zephyr Project Manager versions 3.3.99...