The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘alg_wc_ean_product_meta’ shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping...
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14. Date published : 2024-04-18 https://patchstack.com/database/vulnerability/agile-store-locator/wordpress-store-locator-wordpress-plugin-1-4-14-arbitrary-file-deletion-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10. Date published : 2024-04-18 https://patchstack.com/database/vulnerability/formassembly-web-forms/wordpress-wp-formassembly-plugin-2-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3. Date published : 2024-04-18 https://patchstack.com/database/vulnerability/support-genix-lite/wordpress-support-genix-plugin-1-2-3-broken-access-control-lead-to-arbitrary-file-upload-vulnerability?_s_id=cve
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. Date published : 2024-04-18 https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-deletion-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0. Date published : 2024-04-18 https://patchstack.com/database/vulnerability/pepro-cf7-database/wordpress-peprodev-cf7-database-plugin-1-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. Date...
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051. Date published : 2024-04-18...
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7...
Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Date published : 2024-04-17 https://process.honeywell.com
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Date published : 2024-04-17 https://process.honeywell.com
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. Date...
Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. Date published...
Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. Date published :...