Search
Search Results (26 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2022-2398 | 1 Najeebmedia | 1 Wordpress Comments Fields | 2024-11-21 | 4.8 Medium | 
| The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2021-25018 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2024-11-21 | 5.4 Medium | 
| The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues | ||||
| CVE-2019-5979 | 1 Najeebmedia | 1 Personalized Woocommerce Cart Page | 2024-11-21 | 8.8 High | 
| Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2024-11-21 | 5.4 Medium | 
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | ||||
| CVE-2016-15042 | 1 Najeebmedia | 3 Frontend File Manager, N-media Post Front-end Form, Post Front-end Form | 2024-10-30 | 9.8 Critical | 
| The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | ||||
| CVE-2024-49604 | 2 Najeeb Ahmad, Najeebmedia | 2 Simple User Registration, Simple User Registration | 2024-10-23 | 9.8 Critical | 
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | ||||