Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 ... Result(s) : 192845

Alerts Feed Alerts

DATE NAME CATEGORIES DETAIL
N/A 2021-08-02 CVE-2021-24459 cve The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL stat...
N/A 2021-08-02 CVE-2021-24460 cve The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQ...
N/A 2021-08-02 CVE-2021-24461 cve The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to ...
N/A 2021-08-02 CVE-2021-24462 cve The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or valida...
N/A 2021-08-02 CVE-2021-24463 cve The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter befor...
N/A 2021-08-02 CVE-2021-24464 cve The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a rol...
N/A 2021-08-02 CVE-2021-24468 cve The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as l...
N/A 2021-08-02 CVE-2021-24470 cve The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue
N/A 2021-08-02 CVE-2021-24472 cve The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this pr...
N/A 2021-08-02 CVE-2021-24473 cve The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and...
N/A 2021-08-02 CVE-2021-24474 cve The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected ...
N/A 2021-08-02 CVE-2021-24476 cve The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated ...
N/A 2021-08-02 CVE-2021-24477 cve The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Fu...
N/A 2021-08-02 CVE-2021-24478 cve The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored ...
N/A 2021-08-02 CVE-2021-24479 cve The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-S...
N/A 2021-08-02 CVE-2021-24480 cve The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stor...
N/A 2021-08-02 CVE-2021-24481 cve The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are...
N/A 2021-08-02 CVE-2021-24483 cve The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before...
N/A 2021-08-02 CVE-2021-24484 cve The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before...
N/A 2021-08-02 CVE-2021-24488 cve The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, lead...
Page(s) : 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 ... Result(s) : 192845