5.3
CVE-2017-20194 - Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
4.3
CVE-2024-9540 - Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure…
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and abo…
7.1
CVE-2021-4452 - Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web …
4.7
CVE-2017-20193 - Product Vendors <= 2.0.35 - Reflected Cross Site Scripting
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag…
7.3
CVE-2020-36840 - Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attacker…
6.4
CVE-2023-7296 - BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting
The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with au…
9.8
CVE-2016-15042 - Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for un…
7.3
CVE-2024-9061 - WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary S…
The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action …
7.5
CVE-2024-45711 - SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authenticatio…
4.8
CVE-2024-45714 - SolarWinds Serv-U Stored XSS Vulnerability
Application is vulnerable to Cross Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload.