The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as…

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated…

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL…

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document…

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The “macros” feature of the document editor allows malicious cross site scripting…

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without…

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names…

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary…

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black…

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object…