70 matches found
AWStats < 6.95 - Open Redirect
An open redirect vulnerability in awredir.pl in AWStats 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2009-5020 info: name: AWStats 6.95 - Open Redirect author: pdteam severity: medium description: An open...
WebPort 1.19.1 - Cross-Site Scripting
Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. id: CVE-2019-12461 info: name: WebPort 1.19.1 - Cross-Site Scripting author: pikpikcu severity: medium description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. impact: |...
Nagios XI v5.11.0 - SQL Injection
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php. id: CVE-2023-40931 info: name: Nagios XI v5.11.0 - S...
WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin BruteGuard – Brute Force Login Protection versions <= 0.1.4...
CVE-2024-11114
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
WordPress SrcSet Responsive Images for WordPress Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: SrcSet Responsive Images for WordPress; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51702; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: c82eeab9d965; Credits: João Pedro S...
WordPress BBP Core - Expand bbPress powered forums with useful features Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: BBP Core - Expand bbPress powered forums with useful features; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9896; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownershi...
WordPress WP ERP Plugin <= 1.13.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP ERP; Type: Plugin; Vulnerable versions: <= 1.13.2; Fixed in: 1.13.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47640; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: f966aa5626b2; Credits: Le Ngoc Anh; Required privilege...
WordPress Download Plugins and Themes from Dashboard Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Download Plugins and Themes from Dashboard; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9232; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6207695f5b03...
WordPress KB Support Plugin <= 1.6.6 is vulnerable to Broken Access Control
Software: KB Support; Type: Plugin; Vulnerable versions: <= 1.6.6; Fixed in: 1.6.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8632; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 987ce6d6ccaa; Credits: Krzysztof Zając; Required...
WordPress Gravity Forms Toolbar Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software: Gravity Forms Toolbar; Type: Plugin; Vulnerable versions: <= 1.7.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8718; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 56480313412d; Credits: Webbernaut...
WordPress Spice Starter Sites Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Spice Starter Sites; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44003; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 5d2624fbd2e7; Credits: Le Ngoc Anh; Required privilege...
WordPress Waitlist Woocommerce ( Back in stock notifier ) Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Waitlist Woocommerce (Back in stock notifier); Type: Plugin; Vulnerable versions: <= 2.7.5; Fixed in: 2.7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8724; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 7945c545837...
WordPress AZIndex Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: AZIndex; Type: Plugin; Vulnerable versions: <= 0.8.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7687; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 093a060ad249; Credits: Bob Matyas; Required privileg...
WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Cross Site Scripting (XSS)
Software: WP Fast Total Search; Type: Plugin; Vulnerable versions: <= 1.68.232; Fixed in: 1.69.234; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-39663; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Epsiloncool; PSID: e7e1ae669a97; Credits: justakazh; Required...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Ali2Woo Lite; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37214; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 6c5e8ef725e0; Credits: Majed Refaea; Required privilege...
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6.3 is vulnerable to Cross Site Scripting (XSS)
Software: Active Products Tables for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.6.3; Fixed in: 1.0.6.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35730; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 626f7ac96816; Credits: Le Ng...
WordPress Customer Reviews for WooCommerce Plugin <= 5.47.0 is vulnerable to Cross Site Scripting (XSS)
Software: Customer Reviews for WooCommerce; Type: Plugin; Vulnerable versions: <= 5.47.0; Fixed in: 5.48.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3731; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 75e280aac3db; Credits...
WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)
Software: Short URL; Type: Plugin; Vulnerable versions: <= 1.6.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32138; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0a08facb6222; Credits: Dimas Maulana; Required privilege...
WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.7; Fixed in: 4.9.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30427; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: e5917dca625b; Credits: Dimas Maulana; Required privileg...