Alerts

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation...

Missing Authorization vulnerability in bPlugins Animated Text Block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button allows DOM-Based XSS. This issue affects Hover Image...

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion. This...

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0.

Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alobaidi Archive Page allows DOM-Based XSS. This issue affects Archive Page: from n/a...

Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through 1.0.

Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0.