Alerts

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free.

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it...

The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it...

The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all...

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through...

Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.

Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3.

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress:...

Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through 1.3.4.