1378 matches found
CVE-2022-47150
CVE-2022-47150 concerns CSRF in the WordPress plugin WooCommerce Conversion Tracking. Affected product: WooCommerce Conversion Tracking plugin for WordPress, versions up to and including 2.0.10. Underlying issue: Cross-Site Request Forgery, enabling unauthenticated or unauthorized action...
CVE-2023-33999
Technical details on CVE-2023-33999 are not provided in the supplied documents. Please monitor for updates from vendors/security advisories before assessing impact, affected products, or fixes.
CVE-2023-5502
CVE-2023-5502 affects Arista EOS platforms where 802.1x is configured on access/trunk ports and IP routing is enabled on the access VLAN; a malicious supplicant may bypass 802.1x authentication. Arista’s advisory 0096 documents affected EOS releases (e.g., 4.31.x, 4.30.x, 4.29.x, 4.28.x, 4.27.x, ...
CVE-2024-33288
The CVE-2024-33288 entry covers a SQL injection vulnerability in Prison Management System Using PHP v1.0, exposed on the Admin login page via the username parameter. Multiple connected sources document an authentication bypass PoC and public exploits targeting admin access (e.g., by injecting adm...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. Affected software is SOPlanning; the vulnerability arises in the groupe_id handling, enabling injection that can affect authenticated users and potentially hijack sessions (per C...
CVE-2023-42343
OpenCMS before 10.5.1 is vulnerable to a Cross-Site Scripting (XSS) issue via the CMIS online endpoint cmis-online/type. The vulnerability is described across multiple connected sources (CVE-2023-42343, EUVD-2023-46796, NVD/NVDC, and nuclei templates) as an XSS flaw in the /opencms/cmisatom/cmis-...
CVE-2024-31119
CVE-2024-31119 is a DOM-based XSS vulnerability in the WordPress plugin Special Box for Content by Vasilis Triantafyllou. The issue is described as an improper neutralization of input during web page generation, enabling DOM‑Based XSS. Affected version range is listed as from “n/a through 1” (i.e...
CVE-2024-35644
CVE-2024-35644 describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Preferred Languages” by Pascal Birchler. The issue is caused by improper input neutralization during web page generation, enabling DOM-based XSS. It affects versions from n/a through 2.2.2 of th...
CVE-2024-31118
CVE-2024-31118 affects the WordPress plugin SP Project & Document Manager (versions up to 4.70). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control security levels, potentially enabling unauthorized access to project/document resources. Public sourc...
CVE-2022-25369
CVE-2022-25369 (Dynamicweb) affects Dynamicweb versions before 9.12.8, where an unauthenticated attacker can create a new administrator account due to a logic flaw in setup phase checks. After becoming the newly created admin, the attacker can upload an executable and achieve command execution (r...
CVE-2024-30547
CVE-2024-30547 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin “Header Image Slider” where improper neutralization of input during web page generation allows DOM-based XSS. Affected: Header Image Slider versions up to 0.3. Root cause determined in connected sources as im...
CVE-2024-30461
CVE-2024-30461 affects Tumult Hype Animations (WordPress plugin) up to version 1.9.11. The issue is a DOM-based XSS caused by improper input neutralization during web page generation, enabling script execution in the context of a user’s browser. Public sources consistently describe this as a Cro...
CVE-2024-23511
CVE-2024-23511 describes a DOM-based XSS in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Affected product: The Plus Addons for Elementor Page Builder Lite (WordPress plugin) with versions up to and including 5.3.3. Root cause: improper input handling during web page generation leadin...
CVE-2023-52212
CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager, affecting versions up to 2.0.0. The connected sources identify WP Job Manager as the affected product, with the root cause being CSRF in the plugin’s handling of requests, enabling CSRF under ...
CVE-2023-50897
CVE-2023-50897 concerns the WordPress plugin “Media File Renamer”. The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...
CVE-2023-49186
CVE-2023-49186 affects the WordPress plugin Machic Core (
CVE-2023-41656
CVE-2023-41656 is a broken access control vulnerability in the WordPress plugin Better Elementor Addons up to version 1.3.7, allowing exploitation of incorrectly configured access control security levels. The issue is categorized as Missing Authorization with a CVSSv3.1 base score of 5.4 (Medium)...
CVE-2023-52210
CVE-2023-52210 concerns the WordPress plugin “Product Delivery Date for WooCommerce – Lite” (Tyche) with versions up to 2.7.0. Connected Patchstack data indicates the root cause is broken access control that allows unauthenticated access, potentially impacting availability or operation. A fix is ...
CVE-2023-47232
Affected software: WordPress plugin WP Affiliate Disclosure (wp-affiliate-disclosure). Vulnerability type & root cause: Broken access control exposing limited operations to subscribers due to CSRF-like issues in check_capability, as reported for versions up to 1.2.6. Impact: Unauthorized changes ...
EUVD-2020-5844
Malware in sbrugna...