87 matches found

RedhatCVE
added 2025/05/23 12:6 a.m. · 6 views

CVE-2022-44384

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 8.8 · AI score 7.8 · EPSS 0.48689
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 10:7 p.m. · 4 views

CVE-2022-3933

The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escape some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks...

CVSS 5.4 · AI score 6.2 · EPSS 0.04755
Exploits: 2 · References: 1

Cvelist
added 2025/05/16 3:45 p.m. · 9 views

CVE-2025-39482 WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.11.4...

CVSS 4.3 · EPSS 0.00066
Exploits: 0 · References: 1

CNNVD
added 2025/05/16 12:0 a.m. · 1 views

WordPress plugin Eventer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 6 · EPSS 0.00066
Exploits: 0 · References: 3

NVD
added 2024/10/26 3:15 a.m. · 17 views

CVE-2024-9933

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is because the 'watchtowerotatoken' default value is empty and the not-empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...

CVSS 9.8 · EPSS 0.37253
Exploits: 2 · References: 3

OSV
added 2024/09/06 5:15 p.m. · 0 views

CVE-2024-27126

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later...

CVSS 5.4 · AI score 5.7
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/06 4:26 p.m. · 12 views

CVE-2024-27122 Notes Station 3

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later...

CVSS 6.3 · AI score 5.6 · EPSS 0.00874
Exploits: 0 · References: 1

CNNVD
added 2024/09/06 12:0 a.m. · 2 views

QNAP Notes Station security vulnerability

QNAP Systems QNAP Notes Station is a note-taking application from China Weilian Technology QNAP Systems. It allows users to create, edit and synchronize notes on QNAP NAS devices. The application is often tightly integrated with QNAP's NAS systems, providing users with a convenient way to record...

CVSS 6.3 · AI score 6.2 · EPSS 0.00874
Exploits: 0 · References: 2

OSV
added 2024/01/03 4:51 p.m. · 23 views

CVE-2024-21622 Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

CVSS 5.4 · AI score 8.4 · EPSS 0.00103
Exploits: 0 · References: 9

Positive Technologies
added 2024/01/03 12:0 a.m. · 0 views

PT-2024-18974 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions 3.x prior to 3.9.6; Craft versions 4.x prior to 4.4.16. Description: This is a potential moderate impact, low complexity privilege escalation issue in Craft with certain user permissions setups. The issue has been fixed in Craft...

CVSS 8.8 · AI score 8.7 · EPSS 0.00103
Exploits: 0 · References: 16

Patchstack
added 2024/01/03 12:0 a.m. · 7 views

WordPress EmbedPress Plugin < 3.9.5 is vulnerable to Cross Site Scripting (XSS)

Software: EmbedPress; Type: Plugin; Vulnerable versions: 3.9.5; Fixed in: 3.9.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6986; Patch priority: Low; CVSS severity: Low (6.5); PSID: 70b88b3fb530; Credits: Ngô Thiên An ancorn; Required...

CVSS 6.4 · AI score 5.8 · EPSS 0.00154
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2023/07/27 3:15 p.m. · 16 views

Server side request forgery (SSRF)

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

CVSS 6.4 · AI score 9.2 · EPSS 0.20373
Exploits: 0 · References: 7 · Affected Software: 1

Vulnrichment
added 2023/07/27 2:46 p.m. · 13 views

CVE-2023-38490 Kirby XML External Entity (XXE) vulnerability in the XML data handler

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

CVSS 6.8 · AI score 6.3 · EPSS 0.20373
Exploits: 0 · References: 7

OSV
added 2023/07/27 2:46 p.m. · 16 views

CVE-2023-38490 Kirby XML External Entity (XXE) vulnerability in the XML data handler

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

CVSS 6.8 · AI score 8.7 · EPSS 0.20373
Exploits: 0 · References: 9

Positive Technologies
added 2023/07/27 12:0 a.m. · 1 views

PT-2023-26469 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.3; Kirby versions prior to 3.6.6.3; Kirby versions prior to 3.7.5.2; Kirby versions prior to 3.8.4.1; Kirby versions prior to 3.9.6. Description: The issue affects all Kirby sites with user accounts, unless Kirby's AP...

CVSS 7.3 · AI score 7 · EPSS 0.00207
Exploits: 0 · References: 14

Patchstack
added 2023/06/14 12:0 a.m. · 9 views

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3198; Patch priority: Low; CVSS severity: Low (4.3); PSID: 8dddc497a1b9; Credits: Truoc Phan; Required...

CVSS 4.3 · AI score 6.6 · EPSS 0.0016
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/06/14 12:0 a.m. · 10 views

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3202; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7a8ee239bd4b; Credits: Truoc Phan; Required...

CVSS 4.3 · AI score 6.6 · EPSS 0.00134
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/06/14 12:0 a.m. · 8 views

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3201; Patch priority: Low; CVSS severity: Low (4.3); PSID: abb15f86de6f; Credits: Truoc Phan; Required...

CVSS 4.3 · AI score 6.6 · EPSS 0.00147
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2023/06/07 2:15 a.m. · 15 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

CVSS 4.3 · AI score 4.3 · EPSS 0.00032
Exploits: 1 · References: 2

OSV
added 2023/04/07 12:15 p.m. · 0 views

CVE-2023-29236

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme = 3.9.6 versions...

CVSS 6.1 · AI score 7.3 · EPSS 0.00199
Exploits: 0 · References: 1