| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server.This issue affects STAGGS: from n/a through <= 2.11.0. |
| Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store wc-pickup-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Pickup Store: from n/a through <= 1.8.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating simple-rating allows Stored XSS.This issue affects Simple Rating: from n/a through <= 1.4. |
| The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'post_attachment_upload' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, to attach arbitrary image files to arbitrary places. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS.This issue affects JetProductGallery: from n/a through <= 2.2.0.2. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.3. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through <= 3.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through <= 2.1.6. |
| Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through <= 2.11.26. |
| Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection.This issue affects All push notification for WP: from n/a through <= 1.5.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8. |
| The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the API key. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS.This issue affects Hide Text Shortcode: from n/a through <= 1.1. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1. |
| Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.20.0. |
| Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through <= 6.3.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action: from n/a through <= 1.0.5. |
| The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
