Alerts

Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget...

The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input...

The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient...

The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on...

The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and...

The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and...

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...