155 matches found
CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection
The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderuserlogindir' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-11912 Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘orderid’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2024-11711
CVE-2024-11711 affects the WP Job Portal – A Complete Recruitment System for WordPress plugin. Connected sources document an unauthenticated SQL Injection via the resumeid parameter in all versions up to 2.2.1 due to insufficient escaping and lack of proper SQL query preparation, enabling an atta...
CVE-2024-12578 Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickeraticketsinfo' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema...
CVE-2024-12578
CVE-2024-12578 affects the Tickera – WordPress Event Ticketing plugin for WordPress. The vulnerability is an information disclosure via the unprotected tickera_tickets_info endpoint, allowing unauthenticated access to sensitive booking data (full names, email addresses, check-in/out timestamps, a...
CVE-2019-25221
CVE-2019-25221 affects the WordPress plugin Responsive Filterable Portfolio (versions ≤ 1.0.8). Root cause: insufficient escaping and lack of prepared statements in the SQL query, via the id parameter, enabling unauthenticated SQL injection to extract DB data. Evidence indicates the vendor patche...
CVE-2024-12270 Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection
The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects0term' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
Multiple Vulnerabilities in Veeam Backup & Replication
On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote co...
CVE-2024-3723
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via thi...
IBM Aspera Faspex Log Message Disclosure Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. A log information disclosure vulnerability exists in IBM Aspera Faspex, which can be exploited by an attacker to obtain sensitive information...
CVE-2024-0952 WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of...
Sql injection
The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Authentication flaw
Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
Authentication flaw
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Impact The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...
Code injection
Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...
CVE-2022-29597
Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...
CVE-2021-45821
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order...