7 matches found
PT-2025-16939 · WordPress · The Ultimate Dashboard
Name of the Vulnerable Software and Affected Versions: The Ultimate Dashboard WordPress plugin versions prior to 3.8.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is...
PT-2024-36344 · WordPress · Paypal Pay Now
Name of the Vulnerable Software and Affected Versions: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin, which does not properly...
PT-2023-15219 · WordPress · Wp Easy Pay Wp Easypay – Square
Name of the Vulnerable Software and Affected Versions: WP Easy Pay WP EasyPay – Square for WordPress plugin versions = 4.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-17156 · WordPress · Seopress
Name of the Vulnerable Software and Affected Versions: SEOPress WordPress plugin versions prior to 6.5.0.3 Description: The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present, due to the unserialize of user input provided via the...
PT-2022-21789 · WordPress · Phlox
Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme WordPress plugin versions prior to 2.10.7 Description: The issue arises from the unserialize of the content of an imported file, which could lead to PHP object injection when a user imports a...
PT-2022-24039 · WordPress · Wpsmartcontracts
Name of the Vulnerable Software and Affected Versions: WPSmartContracts WordPress plugin versions prior to 1.3.12 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploit...
PT-2022-16549 · WordPress · Dw Promobar
Name of the Vulnerable Software and Affected Versions: DW Promobar WordPress plugin versions 1.0.0 through 1.0.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a...