CVE-2023-4950
The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-4300
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...
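The mechanism behind this entry, shown as an added example rather than the plugin's own code: an upload handler that keeps the client-supplied filename lets an attacker drop `shell.php` into a web-reachable directory, and the server executes it on the next request. The hardened version allowlists extensions, cross-checks the sniffed content type, and stores under a random server-chosen name. The `$file` arrays follow the `$_FILES` layout; the allowlist and destination directory are assumptions for illustration.

```php
<?php
// Added example, not code from the Import XML and RSS Feeds plugin.

// VULNERABLE: trusts the client-supplied name, so "feed.php" is stored as-is
// and becomes remote code execution once it is requested over HTTP.
function insecure_save_upload(array $file, string $dest_dir): string {
    $target = rtrim($dest_dir, '/') . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $target);
    return $target;
}

// HARDENED: extension allowlist (assumed: the plugin only needs XML/RSS),
// content sniff must agree with the extension, random stored name.
function secure_save_upload(array $file, string $dest_dir): string {
    $allowed = [
        'xml' => ['application/xml', 'text/xml'],
        'rss' => ['application/rss+xml', 'application/xml', 'text/xml'],
    ];
    // Only the final extension is considered; a PHP payload named "x.php.xml"
    // would additionally have to sniff as XML, and even then the stored name
    // below no longer contains "php", which defeats Apache multi-extension
    // handlers (AddHandler ... .php) as well.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException("extension not allowed: $ext");
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);  // sniffed from bytes, not from the request
    if (!in_array($mime, $allowed[$ext], true)) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // The attacker controls neither the directory nor any part of the stored name.
    $target = rtrim($dest_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}
```

Inside WordPress the same checks are available from core: `wp_check_filetype_and_ext()` performs the extension/MIME cross-check and `wp_handle_upload()` rejects types outside the site's allowed list by default, so a plugin that bypasses them with a bare `move_uploaded_file()` is the pattern to look for in review. Storing uploads in a directory where PHP execution is disabled is a second, independent layer.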
CVE-2023-4252
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...
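The flaw described in this entry, as an added example that is not EventPrime's code: a booking total computed from a request field versus one computed from server-side data. `$catalog` stands in for whatever the plugin persists (post meta or a custom table), and the request arrays are constructed sample input.

```php
<?php
// Added example, not code from the EventPrime plugin.

// VULNERABLE: the unit price is whatever the client sent. Submitting price=0
// (or a negative value) buys the booking for nothing.
function insecure_booking_total(array $request): float {
    return (float) $request['price'] * (int) $request['qty'];
}

// HARDENED: the client chooses *what* and *how many*; the server decides what it costs.
// Prices are held in minor units (cents) as integers to avoid float rounding.
function secure_booking_total(array $catalog, array $request): array {
    $ticketId = (string) ($request['ticket_id'] ?? '');
    if (!isset($catalog[$ticketId])) {
        throw new InvalidArgumentException('unknown ticket');
    }
    $qty = filter_var(
        $request['qty'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 20]]  // assumed per-order cap
    );
    if ($qty === false) {
        throw new InvalidArgumentException('bad quantity');
    }
    $unit = (int) $catalog[$ticketId]['price_cents'];
    // Any "price" key in the request is simply never read.
    return [
        'ticket_id'   => $ticketId,
        'qty'         => $qty,
        'unit_cents'  => $unit,
        'total_cents' => $unit * $qty,
    ];
}

// After the payment gateway reports back: confirm the amount actually captured
// covers the server-side total before marking the booking as paid. A client that
// can tamper with a price field can tamper with the amount handed to the gateway too.
function payment_covers_booking(array $booking, int $paid_cents, string $paid_currency, string $expected_currency): bool {
    return $paid_currency === $expected_currency && $paid_cents >= $booking['total_cents'];
}

// Constructed sample: attacker asks for two VIP tickets and sets price=0.
$catalog = ['vip' => ['price_cents' => 12000], 'standard' => ['price_cents' => 4500]];
$request = ['ticket_id' => 'vip', 'qty' => '2', 'price' => '0'];

echo insecure_booking_total($request), PHP_EOL;
$booking = secure_booking_total($catalog, $request);
echo $booking['total_cents'], PHP_EOL;
var_dump(payment_covers_booking($booking, 24000, 'USD', 'USD'));
```

Running it shows the insecure total collapsing to zero while the hardened total is the catalog price times quantity; the `price` field in the request has no effect. The gateway check matters as much as the price lookup: plugins that recompute the price but then trust the amount echoed back by a redirect-based payment flow are exploitable in the same way.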
CVE-2018-21003
The buddyforms plugin before 2.2.8 for WordPress has SQL injection...
CVE-2018-18576
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI...
CVE-2018-6002
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php warsoundypreview parameter...
CVE-2018-19346
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting...
CVE-2021-28115
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation...
CVE-2016-10889
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name...
CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::addsiteurl method, a different vulnerability than CVE-2012-2633...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
CVE-2016-10874
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF...
CVE-2016-10883
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users...
CVE-2016-10928
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
CVE-2016-10916
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319...
CVE-2016-10879
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS...
CVE-2016-10981
The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kentopvcnumberslang, kentopvctodaytext, or kentopvctotaltext...
CVE-2016-10873
The wp-database-backup plugin before 4.3.3 for WordPress has XSS...
CVE-2016-10918
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF...
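Most of the WordPress entries above fall into three classes: CSRF (wp-database-backup, simple-add-pages-or-posts, gallery-by-supsystic), SQL injection (buddyforms, nextgen-gallery, appointment-booking-calendar) and XSS (the remaining plugin entries). The following added example, which is not taken from any of those plugins, shows one admin action handler written with all three defects and then hardened with the WordPress core primitives that close each one. The table name, capability and nonce action are assumptions for illustration; the code expects to run with WordPress loaded.

```php
<?php
// Added example: not code from any plugin listed on this page.

// WEAK: no capability check, no nonce, string-built SQL, unescaped output.
// A crafted link loaded by a logged-in admin deletes arbitrary rows (CSRF +
// SQLi), and the reflected name is stored XSS material once it is saved.
function example_weak_delete_gallery() {
    global $wpdb;
    $name = $_GET['name'];
    $wpdb->query( "DELETE FROM {$wpdb->prefix}example_galleries WHERE name = '$name'" );
    echo "Deleted gallery $name";
}

// HARDENED: authorization, CSRF token, prepared statement, context-aware escaping.
function example_secure_delete_gallery() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Checks the token emitted by wp_nonce_field() below; dies on mismatch.
    check_admin_referer( 'example_delete_gallery', 'example_nonce' );

    $name = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    if ( '' === $name ) {
        wp_die( 'Missing gallery name', '', array( 'response' => 400 ) );
    }
    $table = $wpdb->prefix . 'example_galleries';  // assumed custom table
    // $wpdb->prepare() takes printf-style placeholders (%s, %d); the value is
    // quoted and escaped by the driver, never concatenated into the statement.
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE name = %s", $name )
    );

    // Escape at output time for the context the value lands in: esc_html()
    // for text nodes, esc_attr() for attribute values, esc_url() for href/src.
    printf(
        '<p>Deleted %d gallery row(s) named %s</p>',
        (int) $deleted,
        esc_html( $name )
    );
}
add_action( 'admin_post_example_delete_gallery', 'example_secure_delete_gallery' );

// The form that drives the handler carries the matching nonce field, so a
// cross-site POST forged by another origin fails check_admin_referer().
function example_delete_gallery_form( $name ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_delete_gallery">';
    echo '<input type="hidden" name="name" value="' . esc_attr( $name ) . '">';
    wp_nonce_field( 'example_delete_gallery', 'example_nonce' );
    submit_button( 'Delete gallery' );
    echo '</form>';
}
```

Two review points follow from the entries above. A nonce alone is not authorization: `check_admin_referer()` proves the request originated from a page this user loaded, while `current_user_can()` decides whether that user may perform the action, and both are needed (the simple-add-pages-or-posts CSRF deleting users is exactly the case where a low-privilege or forged request reaches a destructive action). And sanitizing on input (`sanitize_text_field()`) does not replace escaping on output; stored XSS such as the kento-post-view-counter entry arises when a value saved once is later printed without `esc_html()`/`esc_attr()` in every place it is rendered.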
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...