Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2020-36875

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

9.3CVSS8.5AI score0.00746EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 4:41 p.m.4 views

CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

9.3CVSS8.5AI score0.00746EPSS
Exploits0References3
CNVD
CNVD
added 2025/10/23 12:0 a.m.13 views

ChanCMS /cms/article/update file SQL injection vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...

7.2CVSS8.2AI score0.00575EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/09/17 12:0 a.m.2 views

PT-2020-14257 · Helm +2 · Helm +2

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: The issue arises from improper sanitization of plugin names, allowing a malicious plugin author to use characters that could result in unexpected behavior. This could...

8.5CVSS6AI score0.01517EPSS
Exploits1References37
Rows per page
Query Builder