10 matches found
WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Templately versions <= 3.6.1...
sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2026-33753 via rfc3161-client (>=0.0.4 <=0.1.2)
rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2026-33753 Source advisory: OSV:GHSA-3XXC-PWJ6-JGRJ...
WordPress Pet-Manager – Petfinder plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pet-Manager – Petfinder versions <= 3.6.1...
ALCASAR Security Vulnerabilities
ALCASAR is a free open source project from ALCASAR Open Source for managing Internet access on public, business or home networks. A security vulnerability exists in ALCASAR versions prior to 3.6.1 that stems from vulnerability to remote code execution attacks...
PT-2024-31166 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.1 Description: The issue is related to Stored Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping. This allows...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin GiveWP versions <= 3.6.1...
PT-2023-11889 · WordPress · Easy Testimonials
Name of the Vulnerable Software and Affected Versions: Easy Testimonials plugin for WordPress versions up to and including 3.6.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the saveCustomFields function. This allows unauthenticat...
PT-2023-22623 · Prestashop · Prestashop Scexportcustomers
Name of the Vulnerable Software and Affected Versions: PrestaShop scexportcustomers versions 3.6.1 and earlier Description: The issue is related to Incorrect Access Control due to a lack of permissions control. This allows a guest to access exports from the module, potentially leading to a leak o...
AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
Dell Wyse Management Suite Security Vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...