10 matches found
UBUNTU-CVE-2026-40310
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...
EUVD-2025-26878
Malicious code in bioql PyPI...
WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin CubeWP versions = 1.1.24...
WordPress RSS Feed Pro Plugin <= 1.1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin RSS Feed Pro versions = 1.1.8...
WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetElements For Elementor versions = 2.7.9...
WordPress Bit File Manager plugin <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Uploads vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit File Manager versions = 6.7...
WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions = 5.2.19...
WordPress Checkout Mestres WP Plugin <= 8.6 is vulnerable to Local File Inclusion
Software Checkout Mestres WP Type Plugin Vulnerable versions = 8.6 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44030 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 15bf1846430c Credits tahu.datar Required privilege...
WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0698 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1c6efbf20ae Credits wesley wcraft Required...
WordPress Booster Elite for WooCommerce Plugin < 7.1.3 is vulnerable to Content Injection
Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 7.1.3 Fixed in 7.1.3 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-51511 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1e2bd30a7dcc Credits Dave Jong...