NuytsTech Security

CVE-2025-30594

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NotFound Include URL allows Path Traversal. This issue affects Include URL: from n/a through 0.3.5. Assigner: audit@patchstack.com. More information:...

CVE-2025-30589

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NotFound Flickr set slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through 0.9. Assigner: audit@patchstack.com...

CVE-2025-30579

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jakeii Pesapal Gateway for Woocommerce allows Reflected XSS. This issue affects Pesapal Gateway for Woocommerce: from n/a through 2.1.0. Assigner: audit@patchstack.com...

CVE-2025-30559

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Kento WordPress Stats allows Stored XSS. This issue affects Kento WordPress Stats: from n/a through 1.1. Assigner: audit@patchstack.com. More information...

CVE-2025-30548

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VarDump s.r.l. Advanced Post Search allows Reflected XSS. This issue affects Advanced Post Search: from n/a through 1.1.0. Assigner: audit@patchstack.com. More...

CVE-2025-30547

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Tufts WP Cards allows Reflected XSS. This issue affects WP Cards: from n/a through 1.5.1. Assigner: audit@patchstack.com. More information:...

CVE-2025-30544

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound OK Poster Group allows Reflected XSS. This issue affects OK Poster Group: from n/a through 1.1. Assigner: audit@patchstack.com. More information...

CVE-2025-30520

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in crosstec Breezing Forms allows Reflected XSS. This issue affects Breezing Forms: from n/a through 1.2.8.11. Assigner: audit@patchstack.com. More information: https://patchstack.com/database/wordpress/plugin/breezing-forms/vulnerability/wordpress-breezing-forms-plugin-1-2-8-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE-2025-2048

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files...

CVE-2025-1665

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin’s shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output...

CVE-2025-2008

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and...