Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST req ...
June 07, 2023
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_sen ...
June 07, 2023
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions ...
June 07, 2023
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user suppl ...
June 07, 2023
The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The funct ...
June 07, 2023
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and ...
June 07, 2023
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action ...
June 07, 2023
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible b ...
June 07, 2023