Tagged: Cybersecurity Alert

A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application...

Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4. More information : https://patchstack.com/database/wordpress/plugin/woo-booking-bundle-hours/vulnerability/wordpress-woocommerce-booking-bundle-hours-plugin-0-7-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. More information : https://patchstack.com/database/wordpress/plugin/tutor/vulnerability/wordpress-tutor-lms-plugin-3-7-4-sql-injection-vulnerability?_s_id=cve

Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10. More information : https://patchstack.com/database/wordpress/theme/mow/vulnerability/wordpress-mow-theme-4-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5. More information : https://patchstack.com/database/wordpress/plugin/categorify/vulnerability/wordpress-categorify-plugin-1-0-7-5-broken-access-control-vulnerability?_s_id=cve

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through...

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through...

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6. More information : https://patchstack.com/database/wordpress/plugin/football-pool/vulnerability/wordpress-football-pool-plugin-2-12-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22. More information : https://patchstack.com/database/wordpress/plugin/my-tickets/vulnerability/wordpress-my-tickets-plugin-2-0-22-cross-site-scripting-xss-vulnerability?_s_id=cve

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from...

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0. More information : https://patchstack.com/database/wordpress/plugin/woolentor-addons/vulnerability/wordpress-shoplentor-plugin-3-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0. More information...

Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. More information :...

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8. More information : https://patchstack.com/database/wordpress/plugin/pixelines-email-protector/vulnerability/wordpress-pixeline-s-email-protector-plugin-1-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve