Alerts

The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all...

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through...

Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.

Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3.

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress:...

Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through 1.3.4.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This...

Missing Authorization vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms –...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ? ?? (Minjun Kim) NAVER Analytics allows Stored XSS.This issue affects NAVER...