The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it...
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection.This issue affects Netty ERP: before V.1.1000. More information : https://www.usom.gov.tr/bildirim/tr-25-0359
The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_save_blogs’ AJAX endpoint in all versions up to, and including, 1.0.1....
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the...
The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 1.3.1. This is...
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up...
The RapidResult plugin for WordPress is vulnerable to SQL Injection via the ‘s’ parameter in all versions up to, and including, 1.2. This is due to insufficient escaping on the user supplied parameter and...
The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the ‘azure-storage-media-replace’...
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘ai_get_table’ function in all versions up to, and including, 1.0.12. This makes...
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4. More information...
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom – Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the ‘wcdp_save_canvas_design_ajax’...
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability. More information : https://wpscan.com/vulnerability/cef78a77-c66d-4d62-8d49-140ca2d04d5b/
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user’s web browser. More information : https://jvn.jp/en/jp/JVN20611740/
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user’s web browser. More information : https://jvn.jp/en/jp/JVN20611740/