Alerts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS.This issue affects Job...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects...

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function...

The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to...

The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input...

The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input...

The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and...

The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input...

httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\0' character.