8 matches found
PT-2025-2107 · WordPress · Essential Real Estate
Name of the Vulnerable Software and Affected Versions: The Essential WP Real Estate plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is caused by a missing capability check on the cl delete listing func function, allowing unauthorized access. This makes it possible...
WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7484 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c7c64ee12633 Credits István Márton Required privilege...
WordPress Bloglo Theme <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Bloglo Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 469488b623d7 Credits stealthcopter Required privilege Contributor...
WordPress CP Media Player Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software CP Media Player Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.2.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31941 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9a90502753a6 Credits Steven Julian...
WordPress Cuisine Palace Theme <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Cuisine Palace Type Theme Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37c5a3d00c1a Credits Rafie Muhammad Patchstack Required...
WordPress Semalt Blocker Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Semalt Blocker Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23794 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fd1c7aaaef6e Credits Rio Darmawan Required...
WordPress WP-OliveCart Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software WP-OliveCart Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47435 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 10d7b9455c85 Credits Team WeBoB Required privileg...
PT-2006-2938 · Unknown · Rechnungszentrale V2
Name of the Vulnerable Software and Affected Versions: RechnungsZentrale V2 versions 1.1.3 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the SQL injection vulnerability in the authent.php4 file, specifically via the Us...