CVE-2021-24193

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which...

CVE-2021-24160

In the Reponsive Menu free and Pro WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and...

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...

CVE-2020-13878

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write...

CVE-2020-13879

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write...

CVE-2020-13880

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write...

CVE-2020-7633

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument...

CVE-2020-23765

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...

CVE-2019-20864

An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account...

CVE-2024-5878

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2018-16979

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...

CVE-2017-8777

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization...

CVE-2019-10078

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable...

CVE-2012-3585

Heap-based buffer overflow in jpegls.dll in the JpegLS aka JLS plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file...

CVE-2011-3994

Cross-site request forgery CSRF vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of...

CVE-2015-9500

The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js...

Oracle Linux 9 : gstreamer1-plugins-base (ELSA-2025-7243)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7243 advisory. - Apply patches for CVE-2024-47538, CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47607, CVE-2024-47615, CVE-2024-47835 Resolves: RHEL-70983...

Oracle Linux 9 : gstreamer1-plugins-good (ELSA-2025-7242)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7242 advisory. - Apply patches for CVE-2024-47537, CVE-2024-47539, CVE-2024-47540 CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596,...

ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...

ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...