The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Import WP - Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Divi Carousel Maker - Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
7-Zip contains a Mark-of-the-Web bypass vulnerability allowing attackers to circumvent Windows security warnings when extracting files from malicious archives, exploited in campaigns targeting Ukrainian organizations.
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Nuxt is an open-source web development framework for Vue.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Nuxt is an open-source web development framework for Vue.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.