CVE-2020-28702
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. Devamını Oku
Devamını oku
CVE-2015-20019
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues Devamını Oku
CVE-2015-20067
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress Devamını Oku
CVE-2018-25019
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server Devamını Oku
CVE-2020-36503
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue Devamını Oku
CVE-2020-36504
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog Devamını Oku
CVE-2020-36505
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog. Devamını Oku
CVE-2015-20019 (content_text_slider_on_post)
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues Devamını Oku
CVE-2015-20067 (wp_attachment_export)
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress Devamını Oku
CVE-2018-25019 (learndash)
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server Devamını Oku
CVE-2020-36503 (connections_business_directory)
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue Devamını Oku
CVE-2020-36504 (wp-pro-quiz)
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog Devamını Oku