| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox postbox-email-logs allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through <= 1.0.4. |
| Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through <= 7.5.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.5. |
| Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. |
| The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. CVE-2024-32603 is likely a duplicate of this issue. |
| Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through <= 1.0.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2. |
| An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS.This issue affects CarDealerPress: from n/a through <= 6.6.2410.02. |
| Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n/a through <= 4.5.0.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM universam-demo allows Reflected XSS.This issue affects UNIVERSAM: from n/a through < 8.59. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through <= 1.7.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through <= 1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS.This issue affects DX Dark Site: from n/a through <= 1.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christer_f Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through <= 1.0.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS.This issue affects geoFlickr: from n/a through <= 1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sylviavanos Simple Presenter simple-presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through <= 1.5.1. |
