9 matches found
WordPress plugin leadlovers forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...
CVE-2025-49896
CVE-2025-49896 is a CSRF vulnerability in the WordPress plugin WP Discord Post Plus – Supports Unlimited Channels, affecting versions up to 1.0.2. The CVSS 3.1 base score is 4.3 (Medium) with Network attack vector, No confidentiality/availability impact, but partial integrity impact and user inte...
WordPress WooCommerce Purchase Orders plugin <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by CVEhunter in WordPress Plugin WooCommerce Purchase Orders versions = 1.0.2...
PT-2025-5172 · Unknown · Foogallery Captions
Name of the Vulnerable Software and Affected Versions: FooGallery Captions versions 1.0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected cross-site scripting XSS. This enables attackers to inject malicious...
PT-2024-16645 · Ibphoenix · Ibphoenix Ibwebadmin
Name of the Vulnerable Software and Affected Versions: IBPhoenix ibWebAdmin versions up to 1.0.2 Description: A problem was found in the Tabelas Section, specifically in the file /toggle fold panel.php, where the manipulation of the argument p leads to cross-site scripting. This issue can be...
Galette security breach
Galette is an open source membership management web application for non-profit organizations. A security vulnerability exists in Galette versions prior to 1.0.0 through 1.0.2 that stems from the presence of an access control error vulnerability...
at.ac.ait.lablink.clients:csvclient (=0.0.1), at.ac.ait.lablink.clients:dpbridge (=0.0.1) +344 more potentially affected by CVE-2019-11777 via org.eclipse.paho:org.eclipse.paho.client.mqttv3 (>=1.0.2 <=1.2.0)
org.eclipse.paho:org.eclipse.paho.client.mqttv3 MAVEN version =1.0.2, =0.0.1, =0.0.2, =0.1.0, =1.0-RELEASE, =3.0.0.RELEASE, =2.2.0, =0.0.14, =0.0.15 and more Source cves: CVE-2019-11777 Source advisory: OSV:GHSA-63QC-P2X4-9FGF...
Siemens SIMATIC WinCC Sm@rtClient app information disclosure vulnerability (CNVD-2015-00426)
Siemens SIMATIC WinCC is the monitoring control and data acquisition SCADA and HMI system. An information disclosure vulnerability exists in the Siemens SIMATIC WinCC Sm@rtClient app prior to version 1.0.2, which allows an attacker to extract passwords from srage via an unspecified vector...