Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-29-sensitive-data-exposure-vulnerability?_s_id=cve
Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27. More information : https://vdp.patchstack.com/database/wordpress/plugin/cubewp-framework/vulnerability/wordpress-cubewp-plugin-1-1-27-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jakub Glos Off Page SEO allows Reflected XSS.This issue affects Off Page SEO: from n/a through 3.0.3. More information : https://vdp.patchstack.com/database/wordpress/plugin/off-page-seo/vulnerability/wordpress-off-page-seo-plugin-3-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kemal YAZICI Product Puller allows Reflected XSS.This issue affects Product Puller: from n/a through 1.5.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/product-puller/vulnerability/wordpress-product-puller-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through 0.2.0. More information : https://vdp.patchstack.com/database/wordpress/plugin/sleekplan/vulnerability/wordpress-sleekplan-plugin-0-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0. More information : https://vdp.patchstack.com/database/wordpress/plugin/wp-ad-management/vulnerability/wordpress-ads24-lite-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack...
Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via...
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be...
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through 1.4.2. More information : https://vdp.patchstack.com/database/wordpress/plugin/mobile-builder/vulnerability/wordpress-mobile-builder-plugin-1-4-2-broken-authentication-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5. More information : https://vdp.patchstack.com/database/wordpress/plugin/custom-field-template/vulnerability/wordpress-custom-field-template-plugin-2-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. More information : https://vdp.patchstack.com/database/wordpress/plugin/mapsvg-lite-interactive-vector-maps/vulnerability/wordpress-mapsvg-plugin-8-7-3-arbitrary-file-upload-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetSearch allows DOM-Based XSS.This issue affects JetSearch: from n/a through 3.5.16. More information : https://vdp.patchstack.com/database/wordpress/plugin/jet-search/vulnerability/wordpress-jetsearch-plugin-3-5-16-cross-site-scripting-xss-vulnerability?_s_id=cve