This vulnerability in the Evergreen Content Poster plugin for WordPress allows unauthorized users to delete arbitrary posts and pages without authentication.
This vulnerability is a problem because it allows attackers to delete important content from your WordPress site, leading to data loss and potential disruptions to your business or organization.
This vulnerability allows an attacker to remotely execute code on your Craft CMS installation if your security key has already been compromised.
This vulnerability is a serious threat because it allows an attacker to take control of your system, steal sensitive data, or disrupt your services. If your security key has been compromised, an attacker can exploit this vulnerability to gain unauthorized access to your system.
This vulnerability in Fortra Application Hub (formerly known as Helpsystems One) versions prior to 1.3 logs credentials in the IAM logfile under certain log settings.
This vulnerability is a problem because it potentially exposes sensitive credentials, such as usernames and passwords, in plain text, which could be accessed by unauthorized users.
A buffer overflow vulnerability in the Internet Printing Protocol (IPP) of certain Lexmark devices allows an attacker to execute arbitrary code.
This vulnerability can be exploited by an attacker to gain control of the affected device, allowing them to steal sensitive information, disrupt printing operations, or even use the device as a launching point for further attacks within the network.
This CVE ID is not valid and has been rejected or withdrawn.
This CVE does not represent an actual vulnerability and may cause confusion.
This vulnerability allows an attacker to read protected files without permission, potentially leading to unauthorized access to sensitive information.
This is a problem because it could allow an attacker to escalate their privileges on a local system without needing any additional execution privileges, potentially allowing them to access sensitive data or systems without authorization.
This vulnerability allows an app to read files in the messages app due to a race condition, potentially giving unauthorized access to sensitive data.
This is a problem because it could lead to local escalation of privilege, allowing an attacker to gain more control over the system without needing additional execution privileges. This could result in unauthorized access to sensitive information and potential system compromise.
This vulnerability allows an attacker to access location information without permission, potentially leading to local escalation of privileges.
This is a problem because an unauthorized user could exploit this vulnerability to gain elevated access to sensitive information, compromising the security of the system.
This vulnerability allows an attacker to write data outside of a designated boundary in the dm_agent.cpp file, potentially leading to local escalation of privilege.
This vulnerability is a problem because it could allow an attacker to gain System-level execution privileges, giving them elevated access to a system without needing any user interaction.
This vulnerability allows an attacker to access sensitive kernel memory from user space due to an incorrect bounds check.
This is a problem because it could lead to a local escalation of privilege, giving the attacker unauthorized access and control over the system, without needing any additional execution privileges.
This vulnerability allows an attacker to overflow a buffer in the ip6_append_data function, potentially leading to code execution.
This vulnerability can be exploited to locally escalate privileges, giving an attacker elevated access to the system without needing any additional execution privileges. Since no user interaction is required, the attack can be carried out silently.
A heap overflow can occur in the mnh-sm.c functions due to an integer overflow, allowing an attacker to escalate their privileges locally.
This vulnerability allows an attacker to gain higher-level access to the system without needing additional execution privileges, giving them unauthorized control over the system.
This vulnerability allows group memberships to be incorrectly updated in the zot image registry, causing revoked or removed groups to still be considered valid.
This vulnerability bypasses group-based authorization controls, potentially allowing unauthorized access to protected resources. It can also lead to confusion and inconsistencies in group management.
This CVE ID has been rejected or withdrawn and does not represent a valid vulnerability.
As this CVE ID is not valid, it does not pose a security risk.
This CVE is not a valid vulnerability and was mistakenly reported.
There is no problem associated with this CVE, as it does not represent a genuine security issue.
This CVE is not a valid vulnerability.
This CVE is not a legitimate security issue and does not pose a threat to systems or data.
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, which means it is not a valid or recognized vulnerability.
Since this CVE ID is not valid, there is no vulnerability to address, and no further action is required.
This CVE has been rejected or withdrawn by its CVE Numbering Authority, which means it is no longer a valid vulnerability.
Since this CVE is no longer valid, it does not pose a security risk or vulnerability.
This vulnerability allows an attacker to crash the emergency callback mode on a device, causing a local denial of service.
This vulnerability can disrupt critical emergency services, leading to potential safety risks for individuals who rely on these services.
This vulnerability allows an attacker to bypass address space layout randomization in certain functions of Parcel.cpp, potentially leading to local escalation of privilege.
This vulnerability is a problem because it enables an attacker to gain elevated privileges on a system without needing additional execution privileges or user interaction, making it a significant security threat.
This vulnerability allows an attacker to bypass KASLR (Kernel Address Space Layout Randomization) protection, which is designed to make it harder for attackers to find and exploit vulnerabilities in the operating system.
By bypassing KASLR, an attacker can gain access to sensitive system information, which could be used to launch further attacks or gain unauthorized access to the system. This vulnerability can be exploited without any user interaction, making it a serious concern.
This vulnerability allows an attacker to read sensitive information on a system by exploiting a missing bounds check in the asn1_ber_decoder function. This can be done without any user interaction.
This vulnerability is a problem because it allows an attacker to access sensitive information on a system, potentially leading to unauthorized data breaches or other malicious activities. Since it can be exploited with System execution privileges, the attacker can gain high-level access to the system.
This vulnerability allows someone to turn on the Wi-Fi hotspot from a non-owner profile on a device, without needing permission.
This is a problem because it can lead to a local escalation of privilege, meaning an attacker can gain more control over the device and access sensitive information, without needing any additional permissions or user interaction.
This vulnerability allows an attacker to view thumbnails of deleted photos on a device without needing any special permissions or user interaction.
This is a problem because it could lead to the disclosure of sensitive information, such as personal photos, that were thought to be deleted.
This vulnerability allows an attacker to add or delete words in a user's dictionary without their permission.
This vulnerability can lead to a local escalation of privilege, allowing an attacker to gain more access and control over a system without needing additional execution privileges. This means an attacker can potentially take over a system or steal sensitive information.
This vulnerability allows an attacker to prevent access to emergency services due to a logic error in PhoneInterfaceManager.java.
This is a problem because it can lead to a denial of service, which means emergency services may become unavailable, potentially putting people's lives at risk.
This vulnerability allows an attacker to inject malicious JavaScript code or generate invalid HTML when rendering untrusted mathematical expressions using the `renderToString` function in KaTeX, a JavaScript library for TeX math rendering.
This vulnerability enables attackers to execute arbitrary JavaScript code or inject malicious HTML, potentially leading to security breaches, data theft, or other harmful consequences.
This vulnerability allows an attacker to inject malicious SQL code into the Codezips Gym Management System through the "name" argument in the /dashboard/admin/edit_member.php file, which can be done remotely.
This vulnerability can give an attacker unauthorized access to sensitive information stored in the system's database, leading to potential data breaches, unauthorized changes, or even taking control of the system.
The AWS Cloud Development Kit (AWS CDK) has a vulnerability in its IAM OIDC custom resource provider package that allows unauthorized connections to OIDC providers.
This vulnerability could allow man-in-the-middle (MITM) attacks, which can compromise sensitive data or security tokens. Although the risk is low because users have control over the OIDC provider URL, it's still important to fix this issue to ensure secure connections.
This vulnerability allows a malicious user to steal formgrader content by sending a specially crafted link to another user with access to formgrader, exploiting a flaw in the JupyterHub configuration.
This vulnerability allows an attacker to gain unauthorized access to sensitive information, using the victim's credentials, and can lead to data theft and potential security breaches.
The Bible Module for ROBLOX developers has a vulnerability in its `FetchVerse` and `FetchPassage` functions, allowing attackers to inject malicious input and manipulate API request URLs.
This vulnerability could allow attackers to gain unauthorized access or tamper with data, compromising the security and integrity of affected ROBLOX games.
This vulnerability allows an attacker to execute arbitrary scripts on a user's device by exploiting a Cross-Site Scripting (XSS) weakness in the Caido web security auditing toolkit.
This can lead to the theft of sensitive information, giving the attacker unauthorized access to confidential data.
This vulnerability allows any unauthorized user or program to connect to a privileged system service (called "eu.exelban.Stats.SMC.Helper") on a macOS system, giving them the ability to modify hardware settings and execute code with root privileges.
This vulnerability is a problem because it allows attackers to take control of a user's device, making changes to hardware settings and running malicious code with elevated privileges. This could lead to serious security breaches and system compromises.
This vulnerability allows an attacker to inject malicious SQL code into the Tailoring Management System through the "expcat" argument in the /expadd.php file, allowing them to access or modify sensitive data.
This vulnerability is a problem because it allows an attacker to access or modify sensitive data remotely, potentially leading to data breaches, unauthorized changes, or even complete system compromise.
This vulnerability allows attackers to inject malicious code into the Tourism Management System 1.0 through the "pgedetails" argument in the /admin/manage-pages.php file, enabling cross-site scripting attacks.
This vulnerability can be exploited remotely, allowing attackers to steal user data, take control of user sessions, or perform other malicious actions.
This vulnerability allows an attacker to trick the OtCMS system into reading arbitrary system files, potentially revealing sensitive information.
This is a problem because an attacker could use this vulnerability to access confidential data, such as configuration files or sensitive user information, which could be used to launch further attacks or compromise the security of the system.
This vulnerability allows an attacker to inject malicious SQL code into the WeGIA v3.2.0 application through the nextPage parameter in the control.php file.
This vulnerability can lead to unauthorized access to sensitive data, modification of data, or even complete system compromise.
This vulnerability allows an attacker to inject malicious code into a webpage through the "dados_addInfo" parameter in the "documentos_funcionario.php" file in WeGIA versions before 3.2.0.
This vulnerability can be exploited by an attacker to steal user data, take control of user sessions, or redirect users to malicious websites.
This vulnerability allows an attacker to bypass the firmware downgrade protection feature in certain Lexmark products, potentially enabling them to install an older, vulnerable version of the firmware.
This vulnerability is a problem because it undermines the security feature that prevents attackers from downgrading the firmware to a version with known vulnerabilities, making it easier for them to exploit those weaknesses and gain unauthorized access to the device or data.
This vulnerability allows an attacker to gain elevated privileges on a system by exploiting a flaw in the update mechanism of Microsoft Edge (Chromium-based).
This vulnerability is a problem because it gives an attacker the ability to gain unauthorized access to sensitive data and systems, allowing them to perform malicious actions that can compromise the security and integrity of the affected system.
This vulnerability allows an attacker to gain elevated privileges on a system by exploiting a weakness in the Chromium-based Microsoft Edge browser.
This is a problem because it gives an attacker unauthorized access to sensitive data and system resources, enabling them to perform malicious actions that could compromise the security of the system and its users.
This vulnerability allows an attacker to inject malicious code into the Car Rental Management System 1.0 through the "pgdetails" argument in the /admin/manage-pages.php file, leading to a cross-site scripting (XSS) attack.
This vulnerability can be exploited remotely, allowing an attacker to steal user data, take control of user sessions, or perform other malicious actions on the affected system.
This vulnerability allows attackers to inject malicious SQL code into the Attendance Tracking Management System by manipulating the "attendance_id" argument in the /admin/edit_action.php file, allowing unauthorized access to sensitive data.
This vulnerability can be exploited remotely, which means attackers can access the system from anywhere in the world. This can lead to serious consequences, including data breaches, financial losses, and reputational damage.
This vulnerability allows an attacker to inject malicious code into a website through the title, time, and msg parameters, which can then be executed by unsuspecting users.
This type of attack, known as Cross-Site Scripting (XSS), can lead to the theft of sensitive information, such as login credentials or credit card numbers, as well as allow attackers to take control of user sessions or execute malicious actions on behalf of the user.
This vulnerability allows an attacker to inject malicious code into the Online Exam System master version through a parameter called "w", which can lead to the theft of sensitive information.
This is a problem because it allows an attacker to steal sensitive information, which could include personal data, exam answers, or other confidential information. This can lead to identity theft, cheating, or other malicious activities.
The Clickjacking vulnerability in Typecho v1.2.1 allows an attacker to trick users into clicking on a malicious website or link, thinking it's a legitimate one, which can lead to unauthorized actions or data theft.
This vulnerability is a problem because it can lead to unauthorized access to sensitive information, theft of sensitive data, or execution of malicious actions on the user's behalf, all while the user is unaware of what's happening.
This vulnerability allows an attacker to inject malicious SQL code into a WeGIA system (specifically, in the query_geracao_auto.php file) by manipulating the "query" parameter.
This vulnerability can give an attacker unauthorized access to sensitive data, modify or delete data, or even take control of the entire system. This can lead to data breaches, system crashes, and other serious security issues.
This vulnerability allows an attacker to change a user's password without knowing the correct old password in the WeGIA application.
This is a problem because an unauthorized person could gain access to a user's account by changing their password, potentially leading to data breaches, unauthorized actions, and other security issues.
This vulnerability allows an attacker to inject malicious SQL code into the WeGIA system, specifically in the `/funcionario/remuneracao.php` file, by manipulating the `id_funcionario` parameter.
This vulnerability can lead to unauthorized access to sensitive data, modification or deletion of data, and even complete system compromise. Attackers can use SQL injection to extract sensitive information, disrupt system functionality, or inject malware.
This vulnerability allows an attacker to inject malicious code into a webpage on the affected WeGIA system, specifically on the /geral/documentos_funcionario.php page, by manipulating the "id" parameter.
This can lead to unauthorized access to sensitive information, hijacking of user sessions, or execution of malicious actions on behalf of the user, compromising the security and integrity of the system and its users.
This vulnerability in Teradata Vantage Editor 1.0.1 allows a user to access arbitrary remote websites, including unintended features like Chromium Developer Tools, beyond its intended use for SQL database access and docs.teradata.com access.
This vulnerability is a problem because it enables users to unintentionally access unauthorized websites, potentially leading to security breaches, data leaks, or malware infections.
This vulnerability allows an attacker with access to the laboratory network to create fake authentication tokens, giving them unauthorized access to the Algo Edge system.
This vulnerability is a problem because it allows an attacker to gain unauthorized access to the system, potentially leading to data breaches, system tampering, or other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Gym Management System's edit_mem_submit.php file by manipulating the "uid" argument, allowing them to access and modify sensitive data.
This vulnerability can lead to unauthorized access, data tampering, and potential takeover of the system, resulting in significant damage to the organization and its users.
This vulnerability allows an attacker to inject malicious SQL code into the Campaign Management System Platform for Women 1.0 through the "Username" argument in the /Code/loginnew.php file, which can lead to unauthorized access to sensitive data.
This vulnerability is a problem because it can allow attackers to remotely access and manipulate sensitive data, potentially leading to data breaches, unauthorized changes, or even system compromise.
This vulnerability allows an attacker to inject malicious SQL code into the Campaign Management System Platform for Women 1.0 through the "uname" argument in the sc_login.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is critical because it can be exploited remotely, and the exploit has already been made public, making it easy for attackers to use. This could lead to data theft, tampering, or unauthorized access to the system.
This vulnerability allows an attacker to inject malicious SQL code into the Codezips Gym Management System 1.0 through the "m_id" argument in the /dashboard/admin/new_submit.php file, allowing them to access or modify sensitive database information.
This vulnerability is critical because it allows an attacker to remotely access and manipulate sensitive data, potentially leading to unauthorized access, data breaches, or even complete system compromise.
This vulnerability allows a remote attacker to crash the Linphone-Desktop application by sending a specially crafted packet, causing a denial-of-service condition.
If an attacker successfully exploits this vulnerability, they can make the Linphone-Desktop application unavailable, disrupting communication and causing inconvenience to users.
This vulnerability allows an attacker to access and control critical functions in the Nedap Librix Ecoreader system without needing a username or password.
This is a serious issue because it enables an attacker to potentially execute malicious code, which could lead to unauthorized access, data theft, or system compromise.
This vulnerability allows an attacker with full access to a mobile platform to use bash files in the application's private directory to compromise the translations for the application.
This vulnerability is a problem because it allows an attacker to manipulate the application's translations, potentially leading to misinformation or unauthorized access to sensitive information.
This vulnerability allows an attacker to obtain valid credentials and a static token from a decompiled IPA file, which can be used to disrupt the normal use of an application.
This vulnerability is a problem because it allows an attacker to gain unauthorized access to the application and modify its translation files, compromising its integrity and potentially causing harm to users.
This vulnerability allows attackers to access unauthorized information by using hardcoded credentials embedded in the application's binary code, which are part of the app's authentication process and communication with the mobile application.
This is a problem because it allows unauthorized access to sensitive information, which can lead to data breaches, identity theft, and other security threats.
This vulnerability allows an attacker to inject malicious code into the ETIC Telecom Remote Access Server (RAS) web server, which then reflects the code back to the user's browser.
This reflected cross-site scripting (XSS) attack can allow an attacker to steal user credentials, take control of user sessions, or inject malware into the user's browser. This can lead to unauthorized access to sensitive information and systems.
This vulnerability allows an attacker to inject malicious code into the ETIC Telecom Remote Access Server (RAS) web server, which is then reflected back to the client's browser.
This can allow an attacker to steal sensitive information, take control of the user's session, or perform unintended actions on their behalf. Since the vulnerability is reflected, it means the attacker can trick a user into clicking on a specially crafted link, making it easier to exploit.
This vulnerability in ETIC Telecom Remote Access Server (RAS) allows attackers to access the web portal and view hidden HTML code, revealing clear-text credentials that can be used to connect to the SSH server.
This allows attackers to gain unauthorized access to the device and perform malicious actions, potentially leading to data breaches, system compromise, or other security threats.
This vulnerability allows an attacker to inject malicious code into the ETIC Telecom Remote Access Server (RAS) website, which is then displayed to administrators on various pages.
This reflected cross-site scripting (XSS) vulnerability can be exploited to steal administrator credentials, take control of the RAS system, or perform other malicious actions.
This vulnerability allows an external attacker to trick a user into sending a malicious request to the ETIC Telecom Remote Access Server (RAS), which can cause a denial of service on the device.
This is a problem because it can allow an attacker to disrupt the operation of the device, causing inconvenience and potential loss of productivity. Additionally, since no access to the device is required, the attack can come from anywhere, making it difficult to detect and prevent.
This vulnerability allows an attacker to inject malicious SQL code into the Chat System 1.0 by manipulating the "id" argument in the /user/leaveroom.php file, allowing unauthorized access to sensitive data.
This vulnerability enables hackers to remotely exploit the system, potentially leading to unauthorized data access, modification, or deletion, which can result in significant security breaches and data loss.
This vulnerability allows an attacker to inject malicious code into a website through the "type" argument in the "_feedback_system.php" file, which can lead to Cross-Site Scripting (XSS).
This vulnerability can allow an attacker to steal user data, take control of user sessions, or perform other malicious actions on the targeted website.
This vulnerability allows an attacker to overflow the buffer in the login form of the Train Ticket Reservation System 1.0 by manipulating the username argument, potentially leading to unauthorized access or system crashes.
This vulnerability is a problem because it can be exploited by an attacker to gain unauthorized access to the system, steal sensitive information, or even crash the system, disrupting its functionality.
This vulnerability allows an attacker to inject commands remotely through a weakness in the HTTP Request Handler of Tenda AC8, AC10, and AC18 routers with firmware version 16.03.10.20.
This is a critical issue because it gives attackers the ability to execute malicious commands on the affected routers, potentially leading to unauthorized access, data theft, and other malicious activities.
This vulnerability allows unauthorized access to the /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0, revealing sensitive information.
This vulnerability lets attackers remotely access sensitive information without needing a login or password, which can lead to data breaches and security compromises.
This vulnerability allows an attacker to inject malicious SQL code into the Admission Management System 1.0 through the "in_eml" argument in the /signupconfirm.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is critical because it allows attackers to remotely inject malicious SQL code, which can lead to unauthorized data access, modification, or deletion. This can have severe consequences, including data breaches and system compromise.
This vulnerability allows an attacker to execute arbitrary code on Newtec modems (NTC2218, NTC2250, NTC2299) by sending a specially crafted network packet that overflows a buffer in the swdownload binary.
This vulnerability is a problem because it allows an attacker to take control of the modem and execute malicious code, potentially leading to unauthorized access, data breaches, or other malicious activities.
This vulnerability allows an attacker to inject arbitrary shell commands into the modem's web administration interface, allowing them to execute malicious code on the system.
This vulnerability gives an attacker the ability to take control of the system, potentially leading to data breaches, malware infections, and other security issues.
This vulnerability allows an attacker to execute malicious code on a workstation by tricking a non-admin user into opening a specially crafted project file.
This vulnerability can lead to the loss of confidentiality and integrity of sensitive information, as well as allow an attacker to remotely execute code on the affected workstation, potentially leading to further system compromise.
This vulnerability allows unauthorized access to restricted web pages, modification of web page content, and potentially leads to a denial of service.
This vulnerability is a problem because it exposes sensitive information to unauthorized actors, allowing them to access and modify restricted data, which can lead to data breaches, unauthorized changes, and even system downtime.
This vulnerability allows an attacker to send specific Modbus write packets to a device, modifying configuration values outside of the normal range.
This can result in invalid data or loss of web interface functionality, which can lead to unauthorized changes to the device's configuration and disrupt its operation.
This vulnerability allows an authorized attacker to modify values outside of their authorized privileges by sending modified HTTPS requests to the device.
This is a problem because it enables an attacker to elevate their privileges, potentially gaining access to sensitive information or systems that they shouldn't have access to. This can lead to unauthorized changes, data breaches, or even complete system takeover.
This vulnerability in the Gravity Forms plugin for WordPress allows attackers to inject malicious scripts onto a website through a specific parameter, which can then be executed when a user visits the affected page.
This vulnerability can be exploited by unauthenticated attackers, allowing them to inject harmful scripts that can steal user data, take control of user sessions, or perform other malicious actions. The fact that it only affects the Chrome browser and requires a specific set of circumstances does not diminish the potential impact.
This vulnerability in the Gravity Forms plugin for WordPress allows attackers to inject malicious scripts into pages through the 'alt' parameter, which can execute when a user visits the infected page.
This vulnerability is a problem because it allows unauthenticated attackers to inject arbitrary web scripts, which can lead to users being redirected to phishing sites, having their sensitive information stolen, or experiencing other malicious activities.
This vulnerability allows an attacker to import a specially crafted XML file into the Web Designer configuration tool, which can lead to the disclosure of sensitive information, compromise the integrity of the workstation, and potentially even allow remote code execution.
This vulnerability is a problem because it can give an attacker access to sensitive information and allow them to take control of the compromised computer, potentially leading to data theft, ransomware attacks, or other malicious activities.
This vulnerability allows an attacker to intercept communication between devices and alter or steal sensitive information, potentially causing partial loss of confidentiality and loss of integrity and availability of the Human-Machine Interface (HMI).
This vulnerability is a problem because it enables an attacker to perform a "man-in-the-middle" attack, which means they can secretly intercept and modify communication between devices, potentially leading to unauthorized access, data theft, or system downtime.
This vulnerability allows unauthorized users to add rooms with custom prices in the WP Hotel Booking plugin for WordPress.
This vulnerability enables attackers to manipulate hotel room prices without permission, potentially leading to financial losses or reputational damage for hotels and booking organizations.
This vulnerability allows an unauthenticated attacker to send a specially crafted HTTPS packet to a web server, causing a Denial-of-Service (DoS) that can disrupt the product's normal functioning.
This vulnerability poses a significant risk because it can be exploited by anyone, without needing to log in or have any authorization, potentially causing the product to become unavailable or unstable, leading to service disruptions and potential data loss.
This vulnerability allows local attackers to potentially execute arbitrary code on your system when you open a malicious project file.
This vulnerability is a problem because it could allow an attacker to take control of your system or steal sensitive information by tricking you into opening a malicious file.
This vulnerability in the quote-posttype-plugin for WordPress allows attackers to inject malicious scripts into website pages through the Author field, which will be executed when a user visits the page.
This vulnerability can lead to unauthorized access to sensitive information, hijacking of user sessions, and other malicious activities, as the injected scripts can steal user data, redirect users to phishing sites, or perform other harmful actions.
The Sandbox plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to download a copy of the entire sandbox environment, including sensitive files like the wp-config.php file, due to a missing capability check on the export_download action.
This vulnerability is a problem because it allows unauthorized access to sensitive information, which can be used to launch further attacks or compromise the security of the entire WordPress installation.
This vulnerability in the Sandbox plugin for WordPress allows an attacker to inject malicious scripts into a webpage by manipulating the 'debug' parameter, potentially leading to the execution of unauthorized code.
This vulnerability is a problem because it allows an attacker to trick users into clicking on a link, which can lead to the execution of malicious scripts. This can result in unauthorized access to sensitive information, data theft, or other malicious activities.
The Moving Users plugin for WordPress exports user data to JSON files with predictable file names and locations, making it possible for attackers to access sensitive information.
This vulnerability allows unauthenticated attackers to extract sensitive user data, including email addresses, hashed passwords, and IP addresses, which could lead to user identity theft, account takeover, and other security breaches.
This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into WordPress pages using the MyBookProgress plugin. These scripts will execute whenever a user visits the infected page.
This vulnerability can lead to unauthorized access to sensitive information, hijacking of user sessions, and other malicious activities. The injected scripts can also spread malware, steal data, or perform other harmful actions.
This vulnerability in the Glofox Shortcodes plugin for WordPress allows attackers with contributor-level access or higher to inject malicious code into web pages using specific shortcodes.
This vulnerability enables hackers to inject arbitrary web scripts, which can execute whenever a user accesses an infected page. This can lead to unauthorized actions, data theft, or other malicious activities.
This vulnerability allows an attacker to inject malicious scripts into a WordPress website using the Proofreading plugin, which can execute when a user clicks on a link or performs a specific action.
This vulnerability can allow an attacker to take control of a user's browser, steal sensitive information, or perform unauthorized actions on the website.
The RSS Icon Widget plugin for WordPress allows attackers with administrator access to inject malicious scripts into web pages through the 'link_color' parameter, which can execute whenever a user visits the infected page.
This vulnerability enables hackers to take control of user sessions, steal sensitive information, or take other malicious actions, putting users and the entire WordPress installation at risk.
This vulnerability allows attackers with Subscriber-level access and upload permissions to upload any type of file to a WordPress site using the Advanced File Manager plugin, potentially leading to remote code execution.
This vulnerability is a problem because it allows unauthorized users to upload malicious files to a website, which can lead to the execution of harmful code, giving attackers control over the site and potentially access to sensitive data.
This vulnerability allowed users of the TrueFiling electronic filing system to manipulate certain identifiers in URL requests, which could grant them partial access to case information and allow them to change user access to cases.
This vulnerability poses a risk to the confidentiality and integrity of sensitive case information, as unauthorized users could potentially access or modify sensitive data.
The Eventer plugin for WordPress has a vulnerability that allows attackers with Subscriber-level access or higher to read the contents of arbitrary files on the server.
This vulnerability can give attackers access to sensitive information, which can be used to launch further attacks or steal sensitive data.
This vulnerability in the WP Inventory Manager plugin for WordPress allows hackers to inject malicious scripts into web pages through a parameter called 'message', which can execute if a user clicks on a link or performs a specific action.
This vulnerability can lead to unauthorized access, data theft, and other malicious activities, as the injected scripts can steal sensitive information, take control of user sessions, or perform other harmful actions.
This vulnerability allows attackers with contributor-level access or higher to inject malicious code into WordPress pages using the Payment Button for PayPal plugin. This code will be executed whenever a user visits the infected page.
This vulnerability enables attackers to inject arbitrary web scripts, which can be used to steal user data, take control of user sessions, or redirect users to malicious websites. Since it affects pages that use the Payment Button for PayPal plugin, it can compromise the security and integrity of e-commerce transactions and sensitive user information.