Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or...
8.8CVSS
9.2AI Score
0.001EPSS
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
5.4CVSS
5.2AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id...
9.8CVSS
10AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified...
8.8CVSS
8.8AI Score
0.001EPSS