Magánszemélyeknek

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the...

The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 1.2.1 due to...

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.3 due to insufficient...

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging...

The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due...

The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin...

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it...

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and...

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file...