A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.8.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored cross-site scripting (XSS) in WP Microdata WordPress plugin version 1.0 and earlier allows authenticated users or lower-privileged administrators to inject malicious scripts that execute in the browsers of site visitors, potentially leading to credential theft, session hijacking, or malware distribution. The vulnerability stems from improper input sanitization during web page generation. EPSS score of 0.04% indicates low exploitation probability in real-world conditions.
Stored cross-site scripting (XSS) in HappyDevs TempTool WordPress plugin version 1.3.1 and earlier allows authenticated attackers to inject malicious scripts that persist in the database and execute in the browsers of other users who view affected pages. The vulnerability exists in the [Show Current Template Info] functionality and affects the current-template-name component; exploitation requires an authenticated user with appropriate plugin permissions but can compromise all site visitors who interact with the injected content.
Stored or reflected cross-site scripting (XSS) in Campcodes Complete Online Beauty Parlor Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the fromdate parameter in /admin/bwdates-reports-details.php, potentially compromising admin sessions or stealing sensitive data. Public exploit code exists, but exploitation requires admin-level privileges and user interaction (likely clicking a malicious link), limiting real-world attack surface despite CVSS 1.9 indicating minimal risk.
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
HappyDevs TempTool plugin for WordPress exposes sensitive system information through an information disclosure vulnerability affecting versions up to 1.3.1. The vulnerability allows unauthorized parties to retrieve embedded sensitive data by exploiting improper access controls, specifically in the [Show Current Template Info] functionality. With an EPSS score of 0.04% and no CVSS vector assigned, exploitation likelihood is low, though the information disclosed could inform secondary attacks.
Missing Authorization vulnerability in Mapro Collins Magazine Edge magazine-edge allows Exploiting Incorrectly Configured Access Control Security Levels.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.