CVE-2022-35156 | Bus Pass Management System 1.0 download-pass.php searchdata sql injection (ID 168555)
CVE-2020-35675 | BigProf Online Invoicing System up to 2.x Member pageTransferOwnership.php cross-site request forgery
CVE-2020-35674 | BigProf Online Invoicing System up to 2.8 membership_passwordReset.php sql injection
SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.
CVE-2022-3137 | TaskBuilder up to 1.0.7 on WordPress SVG File Upload admin.php file cross site scripting
CVE-2022-41343 | Dompdf up to 2.0.0 Font Registration FontMetrics.php registerFont file inclusion (ID 2994)
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks
CVE-2022-1613 | Restricted Site Access Plugin up to 7.3.1 on WordPress HTTP Header REMOTE_ADDR authorization
CVE-2022-3024 | Simple Bitcoin Faucets Plugin up to 1.7.0 on WordPress AJAX Action cross site scripting
CVE-2022-3119 | OAuth Client Single Sign On Plugin up to 3.0.3 on WordPress Setting improper authentication
CVE-2022-38470 | Customer Reviews for WooCommerce Plugin up to 5.3.5 on WordPress cross-site request forgery
CVE-2022-40194 | Customer Reviews for WooCommerce Plugin up to 5.3.5 on WordPress information disclosure
VDB-209370 | Zephyr Project Manager up to 3.2.4 on WordPress REST Call /v1/tasks/create/ onanimationstart cross site scripting
CVE-2022-37342 | Add Shortcodes Actions and Filters Plugin up to 2.0.9 on WordPress cross site scripting
CVE-2022-37328 | Themes Awesome History Timeline Plugin up to 1.0.5 on WordPress cross site scripting
CVE-2022-40029 | SourceCodester Simple Task Managing System 1.0 newProjectValidation.php shortName cross site scripting
CVE-2022-40028 | SourceCodester Simple Task Managing System 1.0 newProjectValidation.php fullName cross site scripting
CVE-2022-40027 | SourceCodester Simple Task Managing System 1.0 newTask.php shortName cross site scripting
CVE-2022-40030 | SourceCodester Simple Task Managing System 1.0 changeStatus.php bookId sql injection
CVE-2022-40026 | SourceCodester Simple Task Managing System 1.0 board.php board bookId sql injection
CVE-2022-40219 | SedLex FavIcon Switcher Plugin up to 1.2.11 on WordPress Setting cross-site request forgery
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's
The WordPress Ping Optimizer WordPress plugin before 126.96.36.199.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack
CVE-2022-40357 | Z-BlogPHP up to 1.7.2 action_crawler.php source server-side request forgery (ID 336)
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10, Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.
CVE-2022-2753 | Ketchup Restaurant Reservations Plugin up to 1.0.0 on WordPress cross site scripting
CVE-2022-1591 | Ping Optimizer Plugin prior 188.8.131.52.0 on WordPress Setting cross-site request forgery
CVE-2022-3141 | Translate Multilingual Sites Plugin up to 2.3.2 on WordPress Settings Page sql injection
CVE-2022-2754 | Ketchup Restaurant Reservations Plugin up to 1.0.0 on WordPress SQL Statement sql injection