
7 matches found

RedhatCVE
added 2025/05/23 3:17 a.m. | 5 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

8.8 CVSS | 8.5 AI score | 0.00386 EPSS
Exploits: 2 | References: 1

OSV
added 2024/10/16 8:15 a.m. | 3 views

CVE-2024-9061

The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

9.8 CVSS | 6.1 AI score
Exploits: 0 | References: 2

ATTACKERKB
added 2022/06/20 11:15 a.m. | 4 views

CVE-2022-1472

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...

7.2 CVSS | 7.4 AI score | 0.01214 EPSS
Exploits: 2 | References: 2

CNNVD
added 2021/11/01 12:0 a.m. | 4 views

Apache DolphinScheduler SQL injection vulnerability

Apache DolphinScheduler is a distributed, decentralized, and easily scalable visual DAG workflow task scheduling platform developed by the Apache Foundation. Dedicated to solving the intricate dependencies in the data processing process and making the scheduling system work out-of-the-box in the...

8.8 CVSS | 5.9 AI score | 0.01861 EPSS
Exploits: 0 | References: 5

CNNVD
added 2021/10/11 12:0 a.m. | 6 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Weather Effect, which stems from the Weather Effect WordPress plugin prior to 1.3.6 not properly validating and escaping some settings e.g. size leaf, flake lea...

4.8 CVSS | 5.1 AI score | 0.00598 EPSS
Exploits: 2 | References: 2

OSV
added 2020/12/11 11:15 a.m. | 2 views

UBUNTU-CVE-2020-7788

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS | 6.7 AI score | 0.03612 EPSS
Exploits: 1 | References: 5

CNVD
added 2019/11/28 12:0 a.m. | 16 views

ProFTPD 'tls_verify_crl' function authorization issue vulnerability

ProFTPD is a secure cloud printing solution from the ProFTPD team. The solution supports printing from laptops, desktops and mobile devices connected to printers. An authorization issue vulnerability exists in the 'tls_verify_crl' function in ProFTPD versions prior to 1.3.6. The vulnerability stems...

7.5 CVSS | 7 AI score | 0.01122 EPSS
Exploits: 0 | References: 1