CVE-2021-24689
The Contact Forms – Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web…
Devamını oku
Kategori: NIST-Güvenlik Açıkları
CVE-2021-24704
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin…
CVE-2021-24820
The Cost Calculator WordPress plugin through 1.4 allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion…
CVE-2021-24864
The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin…
CVE-2021-24688
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed…
CVE-2021-24730
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated…
CVE-2021-24823
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to…
CVE-2022-26159
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages),…
CVE-2021-43945
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored…
CVE-2022-0772
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.2.2. Devamını Oku Kaynak: NIST