| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to, and including, 4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. |
| Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. |
| The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the current wp_upload_dir directory. |
| The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability. |
| ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page |
| code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field. |
| In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability. |
| code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field. |
| In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability. |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter. |
| A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality |
| Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. |
