6 matches found
WordPress Divi Carousel Lite plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability discovered by Webbernaut in WordPress Plugin Divi Carousel Lite versions <= 2.0.4...
GHSA-H7MF-QRM9-2848 OpenSymphony XWork vulnerable to improper input validation
XWork is a command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression...
CVE-2022-0841
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...
PT-2020-6501 · IBM · IBM Data Risk Manager
Name of the Vulnerable Software and Affected Versions: IBM Data Risk Manager versions 2.0.1 through 2.0.4. Description: The issue is related to insufficient path validation in the IBM Data Risk Manager application, allowing a remote attacker to traverse directories and download arbitrary files by...
CVE-2018-11526
The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...
Post Affiliate Pro 2.0.4 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/15633/info Post Affiliate Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of t...