| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF Flipbook create-flipbook-from-pdf allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through <= 1.2. |
| Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects Talkback: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Reflected XSS.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through <= 4.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through <= 4.0. |
| Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through <= 1.0. |
| Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1. |
| Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through <= 1.0.2. |
| Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dogrow Simple Baseball Scoreboard simple-baseball-scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through <= 1.3. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through <= 2.1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rconnect305 Restaurant Reservations Widget restaurantconnect-reswidget allows Reflected XSS.This issue affects Restaurant Reservations Widget: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through <= 2.3. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Axton WP-WebAuthn wp-webauthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through <= 1.3.1. |
| Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize.This issue affects Iconize: from n/a through <= 1.2.4. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Essekia Helpie FAQ helpie-faq allows Stored XSS.This issue affects Helpie FAQ: from n/a through <= 1.27. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in tomlister Payflex Payment Gateway payflex-payment-gateway.This issue affects Payflex Payment Gateway: from n/a through <= 2.6.1. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.1. |
