| Page(s) : 1 ... 660 661 662 663 664 665 666 667 668 669 [670] 671 672 673 674 675 676 677 678 679 680 ... | Result(s) : 299868 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-25 | CVE-2024-11273 | cve | The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege use... |
| N/A | 2025-03-25 | CVE-2024-11503 | cve | The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site S... |
| N/A | 2025-03-25 | CVE-2024-12109 | cve | The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to pe... |
| N/A | 2025-03-25 | CVE-2024-12682 | cve | The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Store... |
| N/A | 2025-03-25 | CVE-2024-12769 | cve | The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-... |
| N/A | 2025-03-25 | CVE-2024-13118 | cve | The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack |
| N/A | 2025-03-25 | CVE-2024-13122 | cve | The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr... |
| N/A | 2025-03-25 | CVE-2024-13123 | cve | The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr... |
| N/A | 2025-03-25 | CVE-2024-13617 | cve | The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files fr... |
| N/A | 2025-03-25 | CVE-2024-13618 | cve | The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make r... |
| N/A | 2025-03-25 | CVE-2024-13863 | cve | The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Sit... |
| N/A | 2025-03-25 | CVE-2024-44903 | cve | SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT W... |
| N/A | 2025-03-25 | CVE-2024-9770 | cve | The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
| N/A | 2025-03-25 | CVE-2025-0717 | cve | To exploit the vulnerability, it is necessary: |
| 6.4 | 2025-03-25 | CVE-2025-0845 | cve | The DesignThemes Core Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.8 due to insufficient input s... |
| N/A | 2025-03-25 | CVE-2025-1452 | cve | The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site ... |
| N/A | 2025-03-25 | CVE-2025-1798 | cve | The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks. |
| N/A | 2025-03-25 | CVE-2025-27809 | cve | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls ... |
| N/A | 2025-03-25 | CVE-2025-27810 | cve | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, ... |
| 5.3 | 2025-03-25 | CVE-2025-2224 | cve | The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a m... |
| Page(s) : 1 ... 660 661 662 663 664 665 666 667 668 669 [670] 671 672 673 674 675 676 677 678 679 680 ... | Result(s) : 299868 |
