CVE-2024-11487
A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...
CVE-2024-51940
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sohelwpexpert WP Responsive Video my-wp-responsive-video allows DOM-Based XSS. This issue affects WP Responsive Video: from n/a through <= 1.0...
CVE-2024-51940 WordPress WP Responsive Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS. This issue affects WP Responsive Video: from n/a through 1.0...
CVE-2024-51940
CVE-2024-51940 describes a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin WP Responsive Video. The issue is due to improper neutralization of input during web page generation, affecting plugin versions from n/a through 1.0. The connected documents confirm the plugin is vuln...
WordPress AI Responsive Gallery Album plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh (Patchstack Alliance) in WordPress Plugin AI Responsive Gallery Album (versions <= 1.4)...
CVE-2024-11305 Altenergy Power Control Software status_zigbee get_status_zigbee sql injection
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to SQL injection. The attack can be initiated...
PT-2024-35074 · WordPress · Wp Responsive Video
Name of the Vulnerable Software and Affected Versions: WP Responsive Video versions 1.0 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows DOM-Based XSS. This means that an attacker cou...
WordPress AI Responsive Gallery Album Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: AI Responsive Gallery Album; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52467; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 558c5967b587; Credits: Le Ngoc Anh; Required...
WordPress plugin WP Responsive Video security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-52414
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection. This issue affects WDES Responsive Mobile Menu: from n/a through <= 5.3.18...
CVE-2024-52414 WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection. This issue affects WDES Responsive Mobile Menu: from n/a through <= 5.3.18...
CVE-2024-11239
CVE-2024-11239 affects Landray EKP up to version 16.0, specifically the API Interface’s deleteFile function at /sys/common/import.do?method=deleteFile. The vulnerability stems from manipulation of the folder argument, enabling path traversal. It can be triggered remotely, and public disclosures e...
WordPress WDES Responsive Mobile Menu Plugin <= 5.3.18 is vulnerable to PHP Object Injection
Software: WDES Responsive Mobile Menu; Type: Plugin; Vulnerable versions: <= 5.3.18; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52414; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 3807cf50f771; Credits: Mika; Required privilege...
CVE-2024-11126 Digistar AG-30 Plus Login Page excessive authentication
A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The...
CVE-2024-52358
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cyberchimps Responsive Addons for Elementor allows DOM-Based XSS. This issue affects Responsive Addons for Elementor: from n/a through 1.5.4...
CVE-2024-51573
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ersatzpole ML Responsive Audio player with playlist Shortcode mlr-audio allows Stored XSS. This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through <= 0.2...
CVE-2024-52358 WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows DOM-Based XSS. This issue affects Responsive Addons for Elementor: from n/a through <= 1.5.4...
CVE-2024-52358
CVE-2024-52358: In the WordPress plugin Responsive Addons for Elementor (Free Elementor Addons Plugin and Elementor Templates), an authenticated user can trigger a DOM-based Cross-Site Scripting (XSS) vulnerability through improper input handling during web page generation. Affected: Responsive ...
CVE-2024-51573
CVE-2024-51573 describes a stored XSS in the WordPress plugin ML Responsive Audio player with playlist Shortcode. Affected versions are 0.2 and earlier; the issue arises from improper neutralization of inputs during web page generation. The provided documents do not include a confirmed fix/patc...