| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. |
| The duplicate-post plugin before 2.6 for WordPress has SQL injection. |
| The duplicate-post plugin before 2.6 for WordPress has XSS. |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. |
| The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. |
| On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. |
| In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. |
| Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. |