| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0. |
| Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8. |
| Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1. |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a through < 3.6. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn tuturn allows Path Traversal.This issue affects Tuturn: from n/a through < 3.6. |
| Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a through <= 1.4.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through <= 1.2.11. |
| The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.
An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies. |
| Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. |
| Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12. |
| Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through <= 5.3.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.6. |
| Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4. |
| Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23. |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11. |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.40. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Consulting consulting allows Stored XSS.This issue affects Consulting: from n/a through <= 1.5.0. |
| Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1. |
