| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin <= 2.4.6 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos Seriously Simple Stats plugin <= 1.5.1 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions. |
| An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. |
| SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. |
| An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. |
| Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. |
| An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. |
| An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. |
| An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. |
