CVE-2024-29836

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site...

CVE-2021-24938

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...