131179 matches found
WordPress MasterStudy LMS plugin SQL Injection Vulnerability
WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...
TOTOLINK A7000R urldecode function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability that originates from the ssid5g parameter in the urldecode function...
Tenda AX-3 get_parentControl_list_Info function stack buffer overflow vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability that originates from the deviceId parameter in the getparentControllistInfo function failing to properly...
TOTOLINK LR350 sub_422880 function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
TOTOLINK LR350 sub_421BAC function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
TOTOLINK LR350 sub_426EF8 function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the password parameter in the...
TOTOLINK LR350 sub_425400 function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
TOTOLINK LR350 sub_42396C function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
WordPress Post SMTP plugin Unauthorized Access to Data Vulnerability
WordPress Post SMTP plugin is a tool for solving WordPress website email sending problems, which realizes email sending through SMTP protocol and avoids emails that can't be sent or marked as spam due to server limitations. WordPress Post SMTP plugin suffers from an unauthorized access to data...
TOTOLINK A7000R sub_421A04 function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the failure of the wifiOff parameter in the sub421A0...
WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability
WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...
TOTOLINK A7000R sub_421CF0 function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub421CF0 function faili...
WordPress Inactive Logout plugin cross-site scripting vulnerability
WordPress Inactive Logout plugin is a WordPress security plugin for automatically terminating inactive user sessions to prevent unauthorized access. The WordPress Inactive Logout plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering...
Tenda AC8 Buffer Overflow Vulnerability
Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC8 Hardware version v03.03.10.01, which originates from a boundary error in the UPnP service when handling untrusted input. An attacker can exploit this vulnerability to execute arbitrar...
News Portal Hardcoding Vulnerability
News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...
Tenda AX-1803 Buffer Overflow Vulnerability
The Tenda AX-1803 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AX-1803 v1.0.0.1, which originates from the timeZone parameter in the formfastsettingwifiset function that fails to correctly validate the length of the input data, and can be...
WordPress Consulting plugin file inclusion vulnerability
WordPress Consulting plugin is a plugin that provides WordPress website optimization, security auditing, performance enhancement, etc. It is mainly used to help businesses or individual users to solve the technical problems of WordPress websites. WordPress Consulting plugin has a file inclusion...
School Fees Payment Management System /ajax.php?action=delete_course file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. School Fees Payment Management System is vulnerable to a SQL injection vulnerability that stems from improper handling of unknown parameters in the /ajax.php?action=deletecourse file. No details of the vulnerability are...
WordPress Employee Spotlight plugin cross-site scripting vulnerability
WordPress Employee Spotlight plugin is a plugin for quickly searching and managing WordPress backend content, inspired by the Mac's Spotlight feature, which supports searching for posts, users, plugins, themes, etc., and provides real-time updating and editing features. The WordPress Employee...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...
WordPress Plugin WP Discourse Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities (CNVD-2025-27470)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...
WordPress Analytify Pro plugin information disclosure vulnerability
WordPress Analytify Pro plugin is a Google Analytics plugin designed for WordPress, mainly used in the WordPress background and front-end display of Google Analytics data, to simplify the process of analyzing website traffic and user behavior. WordPress Analytify Pro plugin has an information...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29071)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...
WordPress Ohio Extra plugin cross-site scripting vulnerability
WordPress Ohio Extra plugin is a free WordPress plugin designed specifically for the OceanWP theme to enhance the theme functionality and improve the site building experience. WordPress Ohio Extra plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress Insert PHP Code Snippet plugin missing authorization vulnerability
WordPress Insert PHP Code Snippet plugin is a tool for inserting custom PHP code into posts or pages in WordPress, supporting secure execution of code snippets and managing code blocks. A lack of authorization vulnerability exists in WordPress Insert PHP Code Snippet plugin, which can be exploite...
WordPress Kleo plugin file inclusion vulnerability
WordPress Kleo plugin is a feature-rich portfolio of themes and plugins in the WordPress ecosystem, primarily used to build social networks, member communities and e-commerce platforms. WordPress Kleo plugin suffers from a file inclusion vulnerability that stems from improper file name control,...
WordPress Consulting Elementor Widgets plugin cross-site scripting vulnerability
WordPress Consulting Elementor Widgets plugin is a plugin for the Elementor page builder that allows users to add and customize website content with drag and drop functionality. The WordPress Consulting Elementor Widgets plugin suffers from a cross-site scripting vulnerability that stems from the...
WordPress Masterstudy plugin file inclusion vulnerability
WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...
WordPress Advanced Database Cleaner plugin cross-site request forgery vulnerability
WordPress Advanced Database Cleaner plugin a plugin for cleaning and optimizing WordPress databases to help users remove redundant data such as spam comments, old drafts, etc., improve site performance and reduce database size. The WordPress Advanced Database Cleaner plugin suffers from a...
WordPress Noo JobMonster plugin authentication bypass vulnerability
WordPress Noo JobMonster plugin is a recruitment theme on the WordPress platform, mainly used to build a job search and recruitment website, support for employers to post jobs, job seekers to submit resumes and other functions. WordPress Noo JobMonster plugin has an authentication bypass...
WordPress King Addons for Elementor plugin elevation of privilege vulnerability
WordPress King Addons for Elementor plugin is an extension plugin designed specifically for the Elementor page builder, offering a large number of preset templates, components, and features for quickly building WordPress websites. The WordPress King Addons for Elementor plugin suffers from an...
WordPress Depicter plugin cross-site request forgery vulnerability
WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...
WordPress Bard plugin cross-site request forgery vulnerability
WordPress Bard plugin is a tool used to stop chatbots such as Bard from crawling the content of your website, which is achieved by modifying the virtual robots.txt file. The WordPress Bard plugin suffers from a cross-site request forgery vulnerability that originates when a web application does n...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27586)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
Tenda AC10 Buffer Overflow Vulnerability
Tenda AC10 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC10 version 16.03.10.13, which originates from the mishandling of the getui parameter in the formSysRunCmd function in the /goform/SysRunCmd file. The vulnerability can be exploited to trigger a...
Tenda AC21 Buffer Overflow Vulnerability
Tenda AC21 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC21 version 16.03.08.16, which originates from improper manipulation of the startIp parameter of the formSetPPTPServer function in the /goform/SetPptpServerCfg file. The vulnerability can be...
Tenda A15 Buffer Overflow Vulnerability
Tenda A15 is a wireless router device from Tenda. A buffer overflow vulnerability exists in Tenda A15 version 15.13.07.13, which originates from the improper handling of the wpapskcrypto24g parameter in the fromSetWirelessRepeat function in the /goform/openNetworkGateway file. An attacker can...
D-Link DNS-343 ShareCenter Command Execution Vulnerability
The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...
WordPress Gutenberg plugin cross-site scripting vulnerability
The WordPress Gutenberg plugin is a block editor enhancement designed for WordPress to extend the default editor functionality with support for custom content layouts, data store optimization and RESTAPI integration. WordPress Gutenberg plugin suffers from a cross-site scripting vulnerability tha...
WordPress Community Events plugin cross-site scripting vulnerability
WordPress Community Events plugin is an event management plugin for the WordPress platform that allows users to create and display event calendars with support for AJAX dynamic loading and event submission form functionality. WordPress Community Events plugin suffers from a cross-site scripting...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Cross-Site Request Forgery Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a cross-site request forgery vulnerability that is caused by imprope...
WordPress K Elements plugin cross-site scripting vulnerability
WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...
TOTOLINK A7000R sub_4222E0 function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub4222E0 function faili...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29076)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from disabling email server...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27583)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
WordPress Plugin Rank Math SEO Information Leakage Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Rank Math SEO.The...
WordPress Polylang plugin deserialization vulnerability
WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-27469)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which can be exploited by an attacker to cause a...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...