6 matches found
EUVD-2026-20548
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
WordPress FAQ Builder AYS Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software FAQ Builder AYS Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4525aff9e72c Credits vgo0 Required...
WordPress Shared Files Plugin < 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Shared Files Type Plugin Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Tammersoft PSID 075a041bc160 Credits Rafie Muhammad Patchstack Required privile...
WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection
Software Contact Form to DB by BestWebSoft Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d7318d25ca7b Credits LEE SE HYOUNG hackintoanetwork...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software real-estate-pro Type Plugin Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a8f610e7b2fc Credits Omar Badran Required privilege...
PT-2023-16915
Name of the Vulnerable Software and Affected Versions RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description The issue is due to missing or incorrect nonce validation on the clear page cache function, making it possible for unauthenticated attacke...