WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

CVE-2025-11191 RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST

The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site...

CVE-2024-7654 Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...

CVE-2024-1733

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wordreplacerultra function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the...

CVE-2021-4369

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

CVE-2021-4369

The CVE-2021-4369 entry concerns the WordPress Frontend File Manager plugin. Concrete details in connected sources show that versions up to and including 18.2 are affected by Unauthenticated Content Injection due to missing authorization protections, missing checks for editing others’ posts, and ...

CVE-2021-4369 Frontend File Manager <= 18.2 - Unauthenticated Content Injection

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated Content Injection and Stored XSS vulnerabilities

Unauthenticated Content Injection and Stored XSS vulnerabilities discovered by Jerome Bruandet NinTechNet in WordPress Frontend File Manager plugin versions = 18.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 18.3...

Code injection

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...