
2429 matches found

Patchstack
added 2024/05/31 2:32 a.m. · 5 views

WordPress Responsive Owl Carousel for Elementor plugin <= 1.2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin Responsive Owl Carousel for Elementor versions <= 1.2.0...

CVSS 8.8 · AI score 7 · EPSS 0.00688
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/05/31 12:0 a.m. · 3 views

WordPress plugin Responsive Owl Carousel for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

CVSS 8.8 · AI score 6.6 · EPSS 0.00688
Exploits: 0 · References: 4

WPVulnDB
added 2024/05/31 12:0 a.m. · 15 views

Master Slider - Responsive Touch Slider < 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass'...

CVSS 6.4 · AI score 5.7 · EPSS 0.00323
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/05/30 12:0 a.m. · 14 views

Responsive video embed < 0.5.1 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: As a contributor, create a...

AI score 8.2 · EPSS 0.00367
Exploits: 2 · Affected Software: 1

wpexploit
added 2024/05/30 12:0 a.m. · 159 views

Responsive video embed < 0.5.1 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, create a post...

AI score 8.3 · EPSS 0.00367
Exploits: 2

OSV
added 2024/05/29 4:52 p.m. · 4 views

DRUPAL-CONTRIB-2024-023

This module enables you to create responsive image styles that depend on the parent element's width. The module doesn't sufficiently check access to rendered images, resulting in access bypass vulnerabilities in specific scenarios...

CVSS 7.5 · AI score 6.9 · EPSS 0.00473
Exploits: 0 · References: 1

Drupal
added 2024/05/29 12:0 a.m. · 19 views

Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023

This module enables you to create responsive image styles that depend on the parent element's width. The module doesn't sufficiently check access to rendered images, resulting in access bypass vulnerabilities in specific scenarios...

CVSS 7.5 · AI score 7.3 · EPSS 0.00473
Exploits: 0 · References: 7

CVE
added 2024/05/25 9:31 p.m. · 55 views

CVE-2024-5340

CVE-2024-5340 affects Ruijie RG-UAC (up to 20240516). The vulnerability is in the file /view/vpn/autovpn/sub_commit.php where manipulating the input key triggers an OS command injection. It can be exploited remotely, and public exploit details exist. The CVSS metrics in the initial data indicate...

CVSS 7.2 · AI score 5.2 · EPSS 0.07871
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2024/05/25 3:31 p.m. · 51 views

CVE-2024-5338

CVE-2024-5338 affects Ruijie RG-UAC (up to 20240516). The issue is an OS command injection in an unknown function of the file /view/vpn/autovpn/online.php triggered by manipulating the peernode parameter. It can be exploited remotely, and the exploit has been disclosed publicly. Vendor involvemen...

CVSS 7.2 · AI score 5.3 · EPSS 0.07871
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/05/22 12:0 a.m. · 6 views

PT-2024-30062 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin

Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions up to, and including, 1.9.1 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode...

CVSS 5.4 · AI score 7 · EPSS 0.00326
Exploits: 0 · References: 7

OSV
added 2024/05/21 8:52 p.m. · 10 views

GHSA-7336-GHHP-F2QJ Shopware Remote Code Execution Vulnerability

Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware in versions prior to 5.2.16. One possible threat is if a template that doesn’t derive from the Shopware standard has been completely copied. Themes or plugins that execute or overwrite the following...

CVSS 9.8 · AI score 7.4
Exploits: 0 · References: 5

NVD
added 2024/05/17 12:15 p.m. · 48 views

CVE-2024-5043

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

CVSS 8.8 · AI score 4.7 · EPSS 0.00624
Exploits: 1 · References: 4

Vulnrichment
added 2024/05/17 11:31 a.m. · 15 views

CVE-2024-5043 Emlog Pro setting.php unrestricted upload

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

CVSS 5.8 · AI score 6.7 · EPSS 0.00624
Exploits: 1 · References: 4

NVD
added 2024/05/14 3:45 p.m. · 17 views

CVE-2024-4824

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...

CVSS 9.8 · AI score 9.6 · EPSS 0.00737
Exploits: 0 · References: 1

NVD
added 2024/05/14 3:45 p.m. · 14 views

CVE-2024-4823

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/officeadmin/' in the parameters esbankacc, esbankname, esbankpin, escheckno, estellernumber, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...

CVSS 6.5 · AI score 6 · EPSS 0.00471
Exploits: 0 · References: 1

OSV
added 2024/05/14 3:45 p.m. · 2 views

CVE-2024-4822

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

CVSS 6.1 · AI score 5.8 · EPSS 0.00439
Exploits: 0 · References: 1

NVD
added 2024/05/14 3:45 p.m. · 30 views

CVE-2024-4822

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

CVSS 6.5 · AI score 6.3 · EPSS 0.00439
Exploits: 0 · References: 1

Cvelist
added 2024/05/13 11:29 a.m. · 23 views

CVE-2024-4824 SQL Injection in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...

CVSS 9.8 · AI score 9.7 · EPSS 0.00737
Exploits: 0 · References: 1

CVE
added 2024/05/13 11:29 a.m. · 64 views

CVE-2024-4824

CVE-2024-4824 affects School ERP Pro+Responsive 1.0. The vulnerability is an SQL injection in the /SchoolERP/office_admin/ page via parameters such as groups_id, examname, classes_id, es_voucherid, es_class, etc., allowing a remote attacker to execute crafted queries and potentially retrieve all ...

CVSS 9.8 · AI score 7.3 · EPSS 0.00737
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/05/13 11:27 a.m. · 21 views

CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/officeadmin/' in the parameters esbankacc, esbankname, esbankpin, escheckno, estellernumber, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...

CVSS 6.5 · AI score 6.2 · EPSS 0.00471
Exploits: 0 · References: 1