For providers

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and...

The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output...

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access...

The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it...

The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized...

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is...

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including,...

The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 0.2.6 due to insufficient input sanitization and...

Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a.