GNU Mailman Postorius up to 1.3.4 POST Request views/list.py access control
A vulnerability has been found in GNU Mailman Postorius up to 1.3.4 (Mail Client Software) and classified as critical. Affected by this vulnerability is an unknown part of the file views/list.py of the component POST Request Handler. Upgrading to version 1.3.5 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix […]
Ionic Identity Vault up to 4 on Android improper authentication
A vulnerability was found in Ionic Identity Vault up to 4 on Android (Android App Software) and classified as critical. Affected by this issue is an unknown code. Upgrading to version 5 eliminates this vulnerability.
btcpayserver Web Page Generation cross site scripting [CVE-2021-3646]
A vulnerability was found in btcpayserver (the affected version unknown). It has been classified as problematic. This affects an unknown code block of the component Web Page Generation Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Zoho ManageEngine ADSelfService Plus up to 6111 Database Linking sql injection
A vulnerability, which was classified as critical, was found in Zoho ManageEngine ADSelfService Plus up to 6111. Affected is some unknown functionality of the component Database Linking. Applying a patch is able to eliminate this problem. The bugfix is ready for download at pitstop.manageengine.com.
Custom Website Data Plugin up to 2.2 on WordPress Parameter ~/views/edit.php id cross site scripting
A vulnerability was found in Custom Website Data Plugin up to 2.2 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects an unknown part of the file ~/views/edit.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
Advance Search Plugin up to 1.1.2 on WordPress Parameter html-advance-search-admin-options.php wpas_id cross site scripting
A vulnerability classified as problematic has been found in Advance Search Plugin up to 1.1.2 on WordPress (WordPress Plugin). Affected is an unknown code of the file ~/inc/admin/views/html-advance-search-admin-options.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
spideranalyse Plugin up to 0.0.1 on WordPress Parameter ~/analyse/index.php date cross site scripting
A vulnerability classified as problematic was found in spideranalyse Plugin up to 0.0.1 on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown code block of the file ~/analyse/index.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
OSD Subscribe Plugin up to 1.2.3 on WordPress Parameter osd_subscribe_options_subscribers.php osd_subscribe_message cross site scripting
A vulnerability, which was classified as problematic, has been found in OSD Subscribe Plugin up to 1.2.3 on WordPress (WordPress Plugin). Affected by this issue is some unknown processing of the file ~/options/osd_subscribe_options_subscribers.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
Web Push Notifications Plugin up to 2.1.8 on WordPress Parameter ~/includes/base.php feedify_msg cross site scripting
A vulnerability, which was classified as problematic, was found in Web Push Notifications Plugin up to 2.1.8 on WordPress (WordPress Plugin). This affects an unknown function of the file ~/includes/base.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
Dropdown and Scrollable Text Plugin up to 2.0 on WordPress Parameter ~/index.php content cross site scripting
A vulnerability has been found in Dropdown and Scrollable Text Plugin up to 2.0 on WordPress (WordPress Plugin) and classified as problematic. This vulnerability affects an unknown functionality of the file ~/index.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
WordPress Bug Library Plugin up to 2.0.3 Parameter ~/bug-library.php successimportcount cross site scripting
A vulnerability was found in WordPress Bug Library Plugin up to 2.0.3 (Content Management System) and classified as problematic. This issue affects some unknown functionality of the file ~/bug-library.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
SMS OVH Plugin up to 0.1 on WordPress Parameter ~/sms-ovh-sent.php position cross site scripting
A vulnerability was found in SMS OVH Plugin up to 0.1 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is an unknown part of the file ~/sms-ovh-sent.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
MoolaMojo Plugin up to 0.7.4.1 on WordPress Parameter button-generator.html.php classes cross site scripting
A vulnerability was found in MoolaMojo Plugin up to 0.7.4.1 on WordPress (WordPress Plugin). It has been declared as problematic. Affected by this vulnerability is an unknown code of the file ~/views/button-generator.html.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
InviteBox Plugin for Viral Refer-a-Friend Promotions Plugin Parameter ~/admin/admin.php cross site scripting
A vulnerability was found in InviteBox Plugin for Viral Refer-a-Friend Promotions Plugin up to 1.4.1 on WordPress (WordPress Plugin). It has been rated as problematic. Affected by this issue is an unknown code block of the file ~/admin/admin.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is […]
PlaySMS up to 1.4.4 index.php code injection
A vulnerability classified as critical has been found in PlaySMS up to 1.4.4. This affects some unknown processing of the file index.php?app=main&inc=core_welcome. Upgrading to version 1.4.5 eliminates this vulnerability. The upgrade is hosted for download at playsms.org.
Zoho ManageEngine DesktopCentral up to 10.1.2119.7 API Key improper authentication
A vulnerability classified as critical was found in Zoho ManageEngine DesktopCentral up to 10.1.2119.7. This vulnerability affects an unknown function of the component API Key Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Zoho ManageEngine ADSelfService Plus up to 6111 Linked Application Privilege Escalation
A vulnerability, which was classified as problematic, has been found in Zoho ManageEngine ADSelfService Plus up to 6111. This issue affects an unknown functionality of the component Linked Application Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at pitstop.manageengine.com.
GNU-Mailman Integration Plugin up to 1.0.6 on WordPress Parameter mailing-lists-page.php gm_error cross site scripting
A vulnerability was found in GNU-Mailman Integration Plugin up to 1.0.6 on WordPress (WordPress Plugin). It has been declared as problematic. This vulnerability affects an unknown code block of the file ~/includes/admin/mailing-lists-page.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
Border Loading Bar Plugin up to 1.0.1 on WordPress Parameter iframe-googlefont-preview.php f/t cross site scripting
A vulnerability was found in Border Loading Bar Plugin up to 1.0.1 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects some unknown processing of the file ~/titan-framework/iframe-googlefont-preview.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
WordPress wp-publications Plugin Archive ~/bibtexbrowser.php Q_FILE path traversal
A vulnerability classified as critical has been found in WordPress wp-publications Plugin (Content Management System) (version unknown). Affected is an unknown function of the file ~/bibtexbrowser.php of the component Archive Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
WooCommerce Payment Gateway Per Category Plugin up to 2.0.10 on WordPress plugin_settings.php $_SERVER["PHP_SELF"] cross site scripting
A vulnerability classified as problematic was found in WooCommerce Payment Gateway Per Category Plugin up to 2.0.10 on WordPress (E-Commerce Management Software). Affected by this vulnerability is an unknown functionality of the file ~/includes/plugin_settings.php. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
Integration of Moneybird for WooCommerce Plugin up to 2.1.1 on WordPress Parameter wcmb-admin.php error_description cross site scripting
A vulnerability, which was classified as problematic, has been found in Integration of Moneybird for WooCommerce Plugin up to 2.1.1 on WordPress (E-Commerce Management Software). Affected by this issue is some unknown functionality of the file ~/templates/wcmb-admin.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready […]
Post Title Counter Plugin up to 1.1 on WordPress Parameter ~/post-title-counter.php notice cross site scripting
A vulnerability, which was classified as problematic, was found in Post Title Counter Plugin up to 1.1 on WordPress (WordPress Plugin). This affects an unknown part of the file ~/post-title-counter.php of the component Parameter Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.
YouTube Video Inserter Plugin up to 1.2.1.0 on WordPress ~/adminUI/settings.php $_SERVER["PHP_SELF"] cross site scripting
A vulnerability has been found in YouTube Video Inserter Plugin up to 1.2.1.0 on WordPress (Social Network Software) and classified as problematic. This vulnerability affects an unknown code of the file ~/adminUI/settings.php. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.