Medium
CVSS: 4.3
Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0…
Medium
CVSS: 6.5
Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali For…
Medium
CVSS: 4.3
Missing Authorization vulnerability in WowStore Team ProductX – Gutenberg WooCommerce Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProductX – Gutenberg WooCommerce Blocks: from n/a throug…
Medium
CVSS: 4.3
Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through 1.1.9.
Medium
CVSS: 4.3
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0.
Medium
CVSS: 5.3
Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through 3.4.1.
Medium
CVSS: 5.4
Missing Authorization vulnerability in Kishor Khambu WP Custom Widget area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through 1.2.5.
Medium
CVSS: 4.3
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
Medium
CVSS: 4.3
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.
Medium
CVSS: 5.3
Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.
Medium
CVSS: 6.9
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The…
Medium
CVSS: 6.9
A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation lea…
Medium
CVSS: 6.9
A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The m…
Medium
CVSS: 6.9
A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls…
Medium
CVSS: 5.3
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of the component Seeker Profile Handler. The m…
Medium
CVSS: 5.3
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post Handler. The manipulation of the argument…
Medium
CVSS: 4.7
The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Medium
CVSS: 5.9
The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Medium
CVSS: 4.8
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts
Medium
CVSS: 5.4
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.