Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels.18.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery.7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery.6.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR (3D/AR/VR) Viewer allows Cross Site Request Forgery.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs.12.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ComMotion Course Booking System allows Accessing Functionality Not Properly Constrained by ACLs.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in blackandwhitedigital WP Genealogy - Your Family History Website allows Exploiting Incorrectly Configured Access Control Security Levels.1.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in WP Event Manager WP Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.1.47. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Simple Banner - Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
Missing Authorization vulnerability in WP Chill Revive.so - Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels.so - Bulk Rewrite and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels.2.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels.8211. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin - GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels.io: from n/a through. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.5.23. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in aleswebs AdMail - Multilingual Back in-Stock Notifier for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.7.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Bookingor Bookingor allows Exploiting Incorrectly Configured Access Control Security Levels.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Bowo Variable Inspector allows Exploiting Incorrectly Configured Access Control Security Levels.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page allows Exploiting Incorrectly Configured Access Control Security Levels.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery.6.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual allows Cross Site Request Forgery.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z allows Cross Site Request Forgery.03.04. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Cross Site Request Forgery.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in freetobook Freetobook Responsive Widget allows Cross Site Request Forgery.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery.0.44. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery.51.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery.9.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media - WordPress to Hootsuite allows Cross Site Request Forgery.5.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) allows Cross Site Request Forgery.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.