| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2. |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697. |
| Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3. |
| Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. |
| Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. |
| Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). |
| The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
| The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
| The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
| The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |
| The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
| A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. |
| The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins |
