Page(s) : 1 ... 233 234 235 236 237 238 239 240 241 242 [243] 244 245 246 247 248 249 250 251 252 253 ... | Result(s) : 298990 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2025-05-15 | CVE-2024-4002 | cve | The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as adm... |
N/A | 2025-05-15 | CVE-2024-3996 | cve | The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro... |
N/A | 2025-05-15 | CVE-2024-3901 | cve | The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts ... |
7.2 | 2025-05-15 | CVE-2024-13914 | cve | The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-short... |
N/A | 2025-05-15 | CVE-2024-12767 | cve | The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts |
N/A | 2025-05-15 | CVE-2024-0970 | cve | The User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. |
N/A | 2025-05-15 | CVE-2024-0852 | cve | The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated u... |
N/A | 2025-05-15 | CVE-2024-0249 | cve | The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scri... |
N/A | 2025-05-15 | CVE-2023-7297 | cve | The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them v... |
N/A | 2025-05-15 | CVE-2023-7239 | cve | The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users ... |
N/A | 2025-05-15 | CVE-2023-7231 | cve | The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. |
N/A | 2025-05-15 | CVE-2023-7230 | cve | The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripti... |
N/A | 2025-05-15 | CVE-2023-7229 | cve | The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them... |
N/A | 2025-05-15 | CVE-2023-7228 | cve | The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks. |
N/A | 2025-05-15 | CVE-2023-7088 | cve | The Add SVG Support for Media Uploader \| inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to u... |
N/A | 2025-05-15 | CVE-2023-7086 | cve | The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG conta... |
N/A | 2025-05-15 | CVE-2023-6786 | cve | The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue |
N/A | 2025-05-15 | CVE-2023-6541 | cve | The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS p... |
N/A | 2025-05-15 | CVE-2023-6030 | cve | The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it... |
N/A | 2025-05-15 | CVE-2023-5934 | cve | The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attacke... |