NVD

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the …

The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform …

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices …

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the …

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both …

The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow …

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s …

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could …

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as …

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege …

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow …

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to …

The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading …

A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown …