4 matches found
WordPress Mikado Core plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Mikado Core versions <= 1.5.2...
WordPress Cab Grid Plugin <= 1.5.15 is vulnerable to Cross Site Scripting (XSS)
Software: Cab Grid; Type: Plugin; Vulnerable versions: <= 1.5.15; Fixed in: 1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28533; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: b5fcc0bdddbf; Credits: Yuki Haruma; Required privilege...
CVE-2019-1010191
CVE-2019-1010191 affects the Ruby gem marginalia (and related advisories) before version 1.6. The vulnerability is SQL Injection: if a user controller argument is used as a component (e.g., a parameter or header), an attacker can inject arbitrary SQL queries via a vulnerable vector (header, HTTP ...
WordPress Plugin Freshmail 1.5.8 - SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wpdb-prefix.'fmforms where formid="'.$result'fmformid'.'";'...