Total
277590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23788 | 1 Custom More Link Complete Project | 1 Custom More Link Complete | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions. | ||||
| CVE-2023-23786 | 1 Servit | 1 Affiliate-toolkit | 2025-01-09 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions. | ||||
| CVE-2023-23789 | 1 Premmerce | 1 Premmerce Redirect Manager | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | ||||
| CVE-2024-43651 | 2025-01-09 | N/A | ||
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially "pivot" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y). | ||||
| CVE-2023-24418 | 1 Gopiplus | 1 Tiny Carousel Horizontal Slider Plus | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions. | ||||
| CVE-2023-22711 | 1 Agentevolution | 1 Impress Listings | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions. | ||||
| CVE-2023-23701 | 1 Web Design Easy Sign Up Project | 1 Web Design Easy Sign Up | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions. | ||||
| CVE-2023-22696 | 1 Custom4web | 1 Affiliate Links Lite | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions. | ||||
| CVE-2023-30746 | 1 Booqable | 1 Rental Software Booqable Rental | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions. | ||||
| CVE-2023-27419 | 1 Everestthemes | 1 Viable Blog | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions. | ||||
| CVE-2023-27455 | 1 Mauimarketing | 1 Update Image Tag Alt Attribute | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <= 2.4.5 versions. | ||||
| CVE-2025-0344 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-32970 | 1 Themify | 1 Portfolio Post | 2025-01-09 | 4.1 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. | ||||
| CVE-2022-33961 | 1 Waspthemes | 1 Visual Css Style Editor | 2025-01-09 | 4 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | ||||
| CVE-2022-46819 | 1 Gopiplus | 1 Continuous Announcement Scroller | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. | ||||
| CVE-2022-46817 | 1 Flyzoo | 1 Flyzoo Chat | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions. | ||||
| CVE-2022-47137 | 1 Wpmanageninja | 1 Ninja Tables | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions. | ||||
| CVE-2022-47441 | 1 Wpcharitable | 1 Charitable | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions. | ||||
| CVE-2022-27856 | 1 Atlasgondal | 1 Export All Urls | 2025-01-09 | 3.4 Low |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | ||||
| CVE-2022-47600 | 1 I13websolution | 1 Mass Email To Users | 2025-01-09 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions. | ||||