181 matches found
WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2022-4049 info: name: WP User = 7.0 - Unauthenticated SQLi author: theamanrawat severity: critica...
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
VoipMonitor - Pre-Auth SQL Injection
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. id: CVE-2022-24260 info: name: VoipMonitor - Pre-Auth SQL Injection author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI...
WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...
WordPress JoomSport <5.2.8 - SQL Injection
WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...
Welcart eCommerce <=2.7.7 - Local File Inclusion
Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...
WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read
WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33901 info:...
WordPress Fontsy <=1.8.6 - SQL Injection
WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...
MasterStudy LMS <2.7.6 - Improper Access Control
WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data...
WordPress Directorist <7.3.1 - Information Disclosure
WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. id: CVE-2022-2376 info: name: WordPress Directorist 7.3.1 - Information Disclosure...
Stock Ticker <= 3.23.2 - Cross-Site-Scripting
The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajaxstocktickersymbolsearchtest function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress KiviCare <2.3.9 - SQL Injection
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...
Apache ShenYu Admin Unauth Access
Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. id: CVE-2022-23944 info: name: Apache ShenYu Admin Unauth Access author: cckuakilong severity: critical description: Apach...
WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting
WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affecte...
SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users. id: CVE-2022-0846 info: name: SpeakOut Email...
WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection
WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...
WordPress VR Calendar <=2.3.2 - Remote Code Execution
WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without...
microweber 1.2.18 - Cross-site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber prior to 1.2.18. id: CVE-2022-2174 info: name: microweber 1.2.18 - Cross-site Scripting author: r3Y3r53 severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber...
Jira Netic Group Export <1.0.3 - Missing Authorization
Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a...
WordPress WPS Hide Login <1.9.1 - Information Disclosure
WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. id:...