Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. Zafiyet ile ilgili Genel…

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its “Simple Banner Text” Settings allowing high privilege users to perform Cross-Site Scripting attacks…

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to…

The Coming Soon – Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to…

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a…

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access…

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and…

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site…

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised…