| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions. |
| Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions. |
| Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions. |
| Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. |
| Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. |
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. |
| Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. |
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. |
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. |
| Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. |
| A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path. |
| The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON strings prior to json_decode(), which removes the escaping applied by WordPress's wp_magic_quotes; the resulting decoded array values are then concatenated directly into SQL WHERE clauses without parameterization, and the constructed query is executed via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The handler also returns the executed SQL string in its JSON response, which simplifies oracle construction for blind exploitation. |
| Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. |
| Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. |
| The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and wprp_save_review_admin AJAX handlers combined with insufficient path validation in the wpfb_hidereview_ajax() function, which uses strpos() to check that a stored media URL starts with the expected prefix but fails to sanitize path traversal sequences in the remaining relative path before passing it to unlink(). This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the affected site's server which may make remote code execution possible. |
