WordPress Live2DWebCanvas plugin <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Live2DWebCanvas versions <= 1.9.11...
PT-2025-4083 · Code Projects · Code-Projects Simple Plugins Car Rental Management
Name of the Vulnerable Software and Affected Versions: code-projects Simple Plugins Car Rental Management version 1.0 Description: A critical issue has been found in the file "/admin/approve.php", where the manipulation of the id argument leads to SQL injection. The attack can be launched remotel...
gstreamer1-plugins-base and gstreamer1-plugins-good security update
gstreamer1-plugins-base 1.10.4-2.0.1 - Fixed CVE-2024-47607, CVE-2024-47538 and CVE-2024-47615 Orabug: 37407070 gstreamer1-plugins-good 1.10.4-2.0.1 - Fixes CVE-2024-47537, CVE-2024-47540, CVE-2024-47613 and CVE-2024-47607 Orabug: 37407070...
GHSA-29QP-CRVH-W22M vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-eventstore, sftpgo-plugin-kms, crossplane-provider-family-azure, kafka-proxy, crossplane-provider-aws-firehose, velero, crossplane-provider-aws-cloudfront, crossplane-provider-aws-sns, sftpgo, sftpgo-plugin-eventsearch,...
CVE-2024-45338 affecting package cni-plugins for versions less than 1.4.0-2
CVE-2024-45338 affecting package cni-plugins for versions less than 1.4.0-2. A patched version of the package is available...
Security update for podman
This update for podman fixes the following issues: CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service DoS bsc1231698 Load iptables and ip6tables kernel module bsc1214612 Required for rootless mode as a...
CVE-2024-13448 ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-24708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms,...
WordPress Plethora Plugins Tabs + Accordions plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via anchor vulnerability discovered by Nishiv in WordPress Plugin Plethora Plugins Tabs + Accordions versions <= 1.1.8...
OPENSUSE-SU-2025:14699-1 gstreamer-plugins-good-1.24.11-2.1 on GA media
These are all security issues fixed in the gstreamer-plugins-good-1.24.11-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-10633
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...
CVE-2024-10574
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up...
CVE-2024-10628
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency due to insufficient escaping on the user...
CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...
CVE-2024-10574
CVE-2024-10574 details (WordPress Quiz Maker plugins): The vulnerability arises from a missing capability check in the ays_save_google_credentials function, allowing unauthenticated modification of Google Sheets credentials in Quiz Maker Business, Developer, and Agency plugins for WordPress. Affe...
CVE-2024-10636 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency due to insufficien...
CVE-2024-10636
The CVE pertains to the WordPress plugins Quiz Maker Business, Developer, and Agency. It is a Reflected Cross-Site Scripting via the content parameter in all versions up to 8.8.0 (Business), 21.8.0 (Developer), and 31.8.0 (Agency), caused by insufficient input sanitization and output escaping. At...
CVE-2024-10628
CVE-2024-10628 affects Quiz Maker Business, Developer, and Agency WordPress plugins. The vulnerability is an unauthenticated SQL Injection via the id parameter caused by insufficient escaping and lack of proper query preparation, enabling attackers to append SQL to existing queries and potentiall...