CVE-2024-2036

The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aolmodalbox AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscribe...

CVE-2024-9540 Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress Sina Extension for Elementor plugin <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Sina Modal Box Widget Elementor Template vulnerability discovered by Nishiv in WordPress Plugin Sina Extension for Elementor versions = 3.5.7...

PT-2024-18653 · WordPress · Applyonline

Name of the Vulnerable Software and Affected Versions: ApplyOnline – Application Form Builder and Manager plugin for WordPress versions up to, and including, 2.6 Description: The issue allows authenticated attackers with subscriber access or higher to view Application submissions due to a missing...

Cross site scripting

A Cross Site Scripting XSS vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box...

Cross site request forgery (csrf)

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...