Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 3 hours ago

PoC for CVE-2024-13146

WordPress | Booknetic
CSRF Vulnerability in Booknetic Plugin for WordPress

The Booknetic plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in versions prior to 4.1.5. This flaw allows an attacker to exploit the lack of CSRF checks during the creation of Staff accounts, enabling unauthorized modifications by making a logged-in admin...

PoC for CVE-2024-12683

WordPress | Smart Maintenance Mode
Stored Cross-Site Scripting in Smart Maintenance Mode Plugin for Wo...

The Smart Maintenance Mode WordPress plugin prior to version 1.5.2 fails to properly sanitize and escape certain settings. This vulnerability allows high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even when the unfiltered_html capability is rest...

PoC for CVE-2024-11847

WordPress | WP-svg-upload
Stored XSS Vulnerability in wp-svg-upload WordPress Plugin

The wp-svg-upload plugin for WordPress versions up to 1.0.0 is vulnerable due to inadequate sanitization of SVG file contents. Users with author-level permissions can upload SVG files embedded with malicious JavaScript, allowing for Stored XSS attacks. This vulnerability can lead to unauthorized ...

Discovered 12 hours ago

PoC for CVE-2025-29927

Vercel | Next.js | 🟣 EPSS 50% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

Discovered 21 hours ago

PoC for CVE-2025-29927

Vercel | Next.js | 🟣 EPSS 50% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

Discovered 23 hours ago

PoC for CVE-2025-2757

Open Asset Import... | Assimp | 5.3 MEDIUM
Heap-based Buffer Overflow in Open Asset Import Library Assimp Affe...

A vulnerability has been identified in the Open Asset Import Library Assimp version 5.4.3, specifically within the AI_MD5_PARSE_STRING_IN_QUOTATION function in the MD5Parser.cpp file. This security flaw allows for heap-based buffer overflow due to improper handling of data arguments. The vulnerab...

PoC for CVE-2025-2756

Open Asset Import... | Assimp | 5.3 MEDIUM
Heap-Based Buffer Overflow in Open Asset Import Library Assimp 5.4.3

A heap-based buffer overflow vulnerability exists in Open Asset Import Library Assimp version 5.4.3 due to improper handling of the argument 'tmp' in the AC3D File Handler's ConvertObjectSection function. This issue allows potential attackers to exploit the vulnerability remotely, by triggering t...

Discovered 1 day ago

PoC for CVE-2025-2755

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp

A significant vulnerability has been identified in the Open Asset Import Library Assimp, specifically in the AC3D File Handler. The issue arises within the function Assimp::AC3DImporter::ConvertObjectSection in the file ACLoader.cpp. The flaw involves improper handling of the src.entries argument...

PoC for CVE-2025-2754

Open Asset Import... | Assimp | 5.3 MEDIUM
Heap-based Buffer Overflow in Open Asset Import Library Assimp Product

A vulnerability exists in the Open Asset Import Library Assimp 5.4.3 stemming from the function Assimp::AC3DImporter::ConvertObjectSection located in ALoader.cpp. This flaw allows for manipulations that can lead to a heap-based buffer overflow, making it possible for an attacker to exploit the ap...

PoC for CVE-2025-2753

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Read in Open Asset Import Library Assimp LWS File Han...

An out-of-bounds read vulnerability exists in Open Asset Import Library Assimp version 5.4.3, particularly within the SceneCombiner::MergeScenes function in the LWS File Handler. This flaw allows for remote exploitation, potentially leading to unauthorized access or information leakage. The vulne...

PoC for CVE-2025-2752

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp

A vulnerability has been identified in Open Asset Import Library Assimp, specifically in version 5.4.3, under the function fast_atoreal_move located in include/assimp/fast_atof.h. This flaw permits an out-of-bounds read, which can potentially be exploited through remote attacks. Public disclosure...

PoC for CVE-2025-2751

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library by As...

A vulnerability has been identified in the Open Asset Import Library (Assimp) version 5.4.3, specifically in the CSM File Handler component's InternReadFile function. This vulnerability arises from improper handling of the 'na' argument, leading to an out-of-bounds read condition. The flaw can be...

PoC for CVE-2025-2750

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Write Vulnerability in Open Asset Import Library Assi...

A vulnerability exists in Open Asset Import Library Assimp version 5.4.3, specifically within the Assimp::CSMImporter::InternReadFile function located in CSM File Handler's CSMLoader.cpp. This flaw allows for out-of-bounds write operations that could be exploited remotely, potentially leading to ...

PoC for CVE-2025-2744

Zhijiantianya | Ruoyi-vue-pro | 5.3 MEDIUM
Path Traversal Vulnerability in zhijiantianya Ruoyi-Vue-Pro Product

A vulnerability has been identified in the Material Upload Interface of zhijiantianya Ruoyi-Vue-Pro version 2.4.1, specifically within the file /admin-api/mp/material/upload-news-image. This flaw allows attackers to manipulate the File argument, leading to potential path traversal exploits. The n...

PoC for CVE-2025-2743

Zhijiantianya | Ruoyi-vue-pro | 5.3 MEDIUM
Path Traversal Vulnerability in zhijiantianya ruoyi-vue-pro by zhij...

A path traversal vulnerability exists in the Material Upload Interface of the ruoyi-vue-pro version 2.4.1. The flaw allows attackers to manipulate the File argument in the /admin-api/mp/material/upload-temporary endpoint, potentially leading to unauthorized file access or deletion. This attack ca...

PoC for CVE-2025-1974

Kubernetes | Ingress-nginx | 9.8 CRITICAL
Arbitrary Code Execution Vulnerability in Ingress-Nginx Controller ...

A security issue in the Kubernetes platform allows an unauthenticated attacker with access to the pod network to execute arbitrary code within the context of the ingress-nginx controller. This vulnerability poses serious security risks, as it can potentially expose sensitive secrets accessible to...

PoC for CVE-2025-29927

Vercel | Next.js | 🟣 EPSS 50% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

PoC for CVE-2025-2742

Zhijiantianya | Ruoyi-vue-pro | 5.3 MEDIUM
Path Traversal Vulnerability in zhijiantianya ruoyi-vue-pro Product

A vulnerability discovered in the zhijiantianya ruoyi-vue-pro product allows remote attackers to manipulate the argument 'File' in the Material Upload Interface. This manipulation may lead to unauthorized access and path traversal, potentially enabling attackers to access sensitive files on the s...

PoC for CVE-2025-2740

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A security vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0, specifically in the file /admin/eligibility.php. This vulnerability arises from improper handling of user input in the argument 'pagetitle', which can be exploited via a SQL injection attack...

PoC for CVE-2025-1798

WordPress | Design-comuni-WordPres... | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in WordPress Plugin by Ve...

This vulnerability arises from insufficient sanitization and escaping of certain parameters during page output, which could allow unauthenticated users to execute stored Cross-Site Scripting (XSS) attacks. If exploited, attackers can manipulate user sessions, deliver malicious payloads, or intera...

PoC for CVE-2025-1452

WordPress | Favorites | 3.5 LOW
Stored Cross-Site Scripting Vulnerability in Favorites WordPress Pl...

The Favorites WordPress plugin versions prior to 2.3.5 are vulnerable due to insufficient sanitization and escaping of certain settings. This flaw allows high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks, regardless of the unfiltered_html capabil...

PoC for CVE-2025-0717

WordPress | Social Slider Feed | 3.5 LOW
Cross-Site Scripting Vulnerability in WordPress eCommerce Plugin

This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, exploiting weaknesses in the input validation within the eCommerce plugin for WordPress. If exploited, this could lead to the execution of arbitrary JavaScript code in the context of the user's session...

PoC for CVE-2024-9770

WordPress | WP-recall | 4.7 MEDIUM
SQL Injection Vulnerability in WP-Recall Plugin for WordPress

The WP-Recall plugin for WordPress prior to version 16.26.12 contains a vulnerability that allows attackers to execute SQL injection attacks. This occurs due to a failure to properly sanitize and escape user-supplied input in SQL statements. Consequently, administrators could be manipulated into ...

PoC for CVE-2024-13863

WordPress | Stylish Google Sheet R... | 7.1 HIGH
Reflected Cross-Site Scripting in Stylish Google Sheet Reader Plugi...

The Stylish Google Sheet Reader plugin for WordPress versions prior to 4.1 contains a vulnerability where user-supplied input is not properly sanitized or escaped before being rendered on the web page. This oversight can lead to Reflected Cross-Site Scripting (XSS) attacks, allowing malicious act...

PoC for CVE-2024-13618

WordPress | Aoa-downloadable | 7.2 HIGH
Unauthorized Access Vulnerability in AOA Downloadable Plugin by Wor...

The AOA Downloadable plugin for WordPress versions up to 0.1.0 has a security weakness due to improper authorization and authentication on its download.php endpoint. This vulnerability enables malicious actors to send requests to arbitrary URLs without the need for user authentication, potentiall...

PoC for CVE-2024-13617

WordPress | Aoa-downloadable | 8.6 HIGH
File Download Vulnerability in aoa-downloadable WordPress Plugin by...

The aoa-downloadable WordPress plugin versions up to 0.1.0 contain a security flaw that fails to properly validate parameters in its download function. This lack of validation allows unauthenticated attackers to exploit the vulnerability and download arbitrary files from the server, potentially ...

PoC for CVE-2024-12769

WordPress | Simple Banner | 3.5 LOW
Stored Cross-Site Scripting in Simple Banner Plugin for WordPress

The Simple Banner plugin for WordPress, versions prior to 3.0.4, fails to properly sanitize and escape certain configuration settings. This oversight permits users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in multisite environment...

PoC for CVE-2024-13118

WordPress | Ip Based Login | 4.3 MEDIUM
CSRF Vulnerability in IP Based Login Plugin for WordPress

The IP Based Login plugin for WordPress, prior to version 2.4.1, is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability arises from the absence of adequate CSRF checks, allowing attackers to exploit legitimate user sessions and perform unauthorized actions on behalf of lo...

PoC for CVE-2024-13122

WordPress | Afi | 3.5 LOW
Stored Cross-Site Scripting Vulnerability in AFI WordPress Plugin

The AFI WordPress plugin prior to version 1.100.0 lacks proper sanitization and escaping measures for certain settings, which may permit high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a risk even in environments where...

PoC for CVE-2024-13123

WordPress | Afi | 3.5 LOW
Stored Cross-Site Scripting Vulnerability in AFI WordPress Plugin

The AFI WordPress plugin fails to adequately sanitize and escape certain settings, enabling users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a significant risk in configurations where the unfiltered_html capabil...

PoC for CVE-2024-12109

WordPress | Product Labels For Woo... | 4.1 MEDIUM
SQL Injection Vulnerability in Product Labels for Woocommerce by Wo...

A vulnerability exists in the Product Labels for Woocommerce (Sale Badges) plugin, where it fails to properly sanitize and escape a specific parameter used in SQL statements. This oversight can be exploited by administrators to conduct SQL injection attacks, potentially leading to unauthorized da...

PoC for CVE-2024-12682

WordPress | Smart Maintenance Mode | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Smart Maintenance Mode...

The Smart Maintenance Mode plugin for WordPress, prior to version 1.5.2, has a security flaw that allows high privilege users, such as administrators, to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from the plugin's failure to properly sanitize and escape certain ...

PoC for CVE-2025-2739

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A vulnerability exists in PHPGurukul's Old Age Home Management System, version 1.0, specifically in the processing of the file /admin/manage-services.php. An attacker can exploit this weakness by manipulating the 'sertitle' parameter, leading to unauthorized SQL injection attacks. This allows for...

PoC for CVE-2024-11503

WordPress | WP Tabs | 6.1 MEDIUM
Stored Cross-Site Scripting in WP Tabs WordPress Plugin

The WP Tabs WordPress plugin, prior to version 2.2.7, fails to adequately sanitize and escape certain settings. This shortcoming enables high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where the unfiltered_html capability is re...

PoC for CVE-2024-11273

WordPress | Contact Form & Smtp Pl... | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in PirateForms WordPress ...

The Contact Form & SMTP Plugin for WordPress by PirateForms versions earlier than 2.6.0 does not adequately sanitize and escape certain settings. This lack of proper validation enables high privilege users, like administrators, to execute Stored Cross-Site Scripting (XSS) attacks, compromising se...

PoC for CVE-2024-10703

WordPress | Registrations For The ... | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Events Calendar Plugin...

A security vulnerability exists in the Events Calendar plugin for WordPress, where insufficient sanitization and escaping of certain settings allow high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability can compromise the security of...

PoC for CVE-2024-10679

WordPress | Quiz And Survey Master... | 6.1 MEDIUM
Stored Cross-Site Scripting in Quiz and Survey Master Plugin for Wo...

The Quiz and Survey Master plugin for WordPress, prior to version 9.2.1, fails to properly sanitize and escape certain settings. This oversight enables users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even if the unfiltered_html capabil...

PoC for CVE-2024-11272

WordPress | Contact Form & Smtp Pl... | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Contact Form & SMTP Pl...

The Contact Form & SMTP Plugin for WordPress by PirateForms prior to version 2.6.0 is susceptible to stored cross-site scripting attacks. The vulnerability arises due to the failure to properly sanitize and escape certain settings, allowing high-privilege users, such as administrators, to exploit...

PoC for CVE-2024-10566

WordPress | Slider By 10web | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Slider by 10Web Plugin

The Slider by 10Web WordPress plugin prior to version 1.2.62 has a vulnerability due to improper sanitization and escaping of certain settings. This flaw permits high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in configurations where the un...

PoC for CVE-2024-10638

WordPress | Product Labels For Woo... | 4.1 MEDIUM
SQL Injection Vulnerability in Product Labels For Woocommerce Plugi...

The Product Labels For Woocommerce (Sale Badges) plugin for WordPress prior to version 1.5.11 is susceptible to SQL injection due to improper sanitization and escaping of input parameters in SQL statements. This vulnerability enables an attacker with administrative privileges to execute arbitrary...

PoC for CVE-2024-10565

WordPress | Slider By 10web | 6.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Slider by 10Web Plugin

The Slider by 10Web plugin for WordPress prior to version 1.2.62 contains a vulnerability due to insufficient sanitization and escaping of certain settings. This flaw allows users with high privileges, such as administrators, to exploit the vulnerability and launch Stored Cross-Site Scripting (XS...

PoC for CVE-2025-2738

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A vulnerability has been discovered in PHPGurukul's Old Age Home Management System version 1.0, which allows remote attackers to manipulate the 'namesc' parameter within the file '/admin/manage-scdetails.php'. This manipulation can lead to SQL injection, potentially compromising the database and ...

PoC for CVE-2024-10560

WordPress | Form Maker By 10web | 3.5 LOW
Stored Cross-Site Scripting Vulnerability in Form Maker by 10Web Pl...

The Form Maker plugin developed by 10Web for WordPress prior to version 1.15.30 contains a serious vulnerability due to inadequate sanitization and escaping of certain settings. This oversight permits high-privilege users, such as administrators, to carry out Stored Cross-Site Scripting (XSS) att...

PoC for CVE-2024-10472

WordPress | Stylish Price List | 5.9 MEDIUM
Stored Cross-Site Scripting Vulnerability in Stylish Price List Plu...

The Stylish Price List plugin for WordPress prior to version 7.1.12 has a serious security flaw that fails to properly sanitize and escape certain settings. This vulnerability may allow high privilege users, such as contributors, to execute Stored Cross-Site Scripting (XSS) attacks, even when the...

PoC for CVE-2024-10554

WordPress | WordPress WP-advanced-... | 3.5 LOW
Stored Cross-Site Scripting Vulnerability in WP-Advanced-Search Plu...

The WP-Advanced-Search plugin for WordPress versions prior to 3.3.9.3 contains a vulnerability where it fails to properly sanitize and escape certain settings. This oversight could result in high privilege users, specifically admins, being able to execute Stored Cross-Site Scripting (XSS) attacks...

PoC for CVE-2024-10105

WordPress | Job Postings | 5.9 MEDIUM
Stored Cross-Site Scripting Vulnerability in Job Postings Plugin fo...

The Job Postings plugin for WordPress, specifically versions prior to 2.7.11, is susceptible to a stored cross-site scripting vulnerability. This arises due to insufficient sanitization and escaping of certain settings, allowing high privilege users, such as contributors, to execute harmful scrip...

PoC for CVE-2025-2737

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A significant SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. The flaw resides in the 'pagetitle' parameter within the '/admin/contactus.php' file, allowing attackers to manipulate this argument to execute arbitrary SQL commands. This ...

PoC for CVE-2025-2736

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A vulnerability exists in the PHPGurukul Old Age Home Management System version 1.0, specifically within the /admin/bwdates-report-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'fromdate' argument, which could lead to unauthorized access to the data...

PoC for CVE-2025-2735

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. This issue arises from the manipulation of the 'sertitle' argument within the /admin/add-services.php file. As a result, unauthorized users could execute remote attacks by exploiting t...

PoC for CVE-2025-2734

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System, specifically in the '/admin/aboutus.php' file. This vulnerability arises from improper handling of user input in the 'pagetitle' parameter, allowing attackers to execute malicious SQL queries remo...