A flaw was found in the Libreoffice package. An attacker can craft an odb containing a “database/script” file with a SCRIPT command where the contents…

This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. Zafiyet ile…

The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users,…

The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site…

A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the…

A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of…

A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this vulnerability is the function…

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. Zafiyet ile…

An attacker is able to launch a Reflected XSS attack using a crafted URL. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…