Medium - CVE-2025-2302 - The Advanced Woo Search plugin for WordPress is...
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to...
Medium - CVE-2025-1490 - The Smart Maintenance Mode plugin for WordPress...
The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input...
Medium - CVE-2025-2165 - The SH Email Alert plugin for WordPress is...
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input...
Medium - CVE-2025-2573 - The Amazing service box Addons For WPBakery...
The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and...
Medium - CVE-2025-2576 - The Ayyash Studio — The kick-start kit plugin...
The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input...
NA - CVE-2025-30742 - httpd.c in atophttpd 2.8.0 has an off-by-one...
httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\0' character.
NA - CVE-2024-11847 - The wp-svg-upload WordPress plugin through...
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files with malicious JavaScript to conduct Stored XSS attacks.
NA - CVE-2024-12683 - The Smart Maintenance Mode WordPress plugin...
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site...
NA - CVE-2024-13146 - The Booknetic WordPress plugin before 4.1.5...
The Booknetic WordPress plugin before 4.1.5 does not have a CSRF check when creating Staff accounts, which could allow attackers to make a logged-in admin add arbitrary Staff members via a CSRF attack.
Medium - CVE-2025-1784 - The Spectra – WordPress Gutenberg Blocks plugin...
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input...