Medium
CVSS: 6.4
Yayın: 2025-01-04 12:15:24
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w…
Medium
CVSS: 6.1
Yayın: 2025-01-04 12:15:24
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated att…
Medium
CVSS: 6.5
Yayın: 2025-01-04 12:15:22
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoin…
Medium
CVSS: 6.1
Yayın: 2025-01-04 10:15:06
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it…
Medium
CVSS: 5.3
Yayın: 2025-01-04 09:15:06
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack r…
Critical
CVSS: 9.9
Yayın: 2025-01-04 09:15:06
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitiz…
Medium
CVSS: 6.4
Yayın: 2025-01-04 09:15:05
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization an…
Medium
CVSS: 5.3
Yayın: 2025-01-04 08:15:06
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack may be initia…
Medium
CVSS: 6.1
Yayın: 2025-01-04 08:15:06
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escapi…
Medium
CVSS: 5.4
Yayın: 2025-01-04 08:15:06
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing non…
Medium
CVSS: 6.1
Yayın: 2025-01-04 08:15:06
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and…
Medium
CVSS: 6.1
Yayın: 2025-01-04 08:15:05
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input…
High
CVSS: 8.8
Yayın: 2025-01-04 08:15:05
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthentic…
Medium
CVSS: 5.3
Yayın: 2025-01-04 07:15:18
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql inj…
Medium
CVSS: 5.1
Yayın: 2025-01-04 05:15:07
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion. The real existence of this v…
Medium
CVSS: 5.3
Yayın: 2025-01-04 04:15:05
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the argument user…
Medium
CVSS: 5.3
Yayın: 2025-01-04 03:15:07
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/search_num.php. The manipulation of the argume…
High
CVSS: 7.5
Yayın: 2025-01-04 02:15:07
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a mini…
High
CVSS: 8.0
Yayın: 2025-01-04 02:15:07
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, i…
Medium
CVSS: 5.7
Yayın: 2025-01-04 02:15:07
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially comprom…