Riasztások

The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be...

The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all...

The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up...

The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including,...

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and...

The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output...

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access...

The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it...

The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized...

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is...