| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. |
| The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. |
| The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. |
| The examapp plugin 1.0 for WordPress has XSS via exam input text fields. |
| The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field. |
| The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. |
| The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. |
| The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. |
| The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. |
| An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. |
| nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. |
| The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. |
| The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. |
| The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. |
| An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. |
| An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. |
| An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. |
| The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. |
| The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. |
| The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. |
