Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23981 1 Quadlayers 1 Perfect Brands For Woocommerce 2025-02-20 4.3 Medium
The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4).
CVE-2022-41652 1 Expresstech 1 Quiz And Survey Master 2025-02-20 6.5 Medium
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-41155 1 Webence 1 Iq Block Country 2025-02-20 5.3 Medium
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
CVE-2022-36793 1 Wp-shop 1 Wp Shop 2025-02-20 6.5 Medium
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.
CVE-2022-38067 1 Total-soft 1 Event Calendar 2025-02-20 6.5 Medium
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.
CVE-2022-41623 1 Villatheme 1 Dropshipping And Fulfillment For Aliexpress And Woocommerce 2025-02-20 7.5 High
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
CVE-2022-41978 1 Zohocorp 1 Zoho Crm Lead Magnet 2025-02-20 8.8 High
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
CVE-2022-45069 1 Automattic 1 Crowdsignal Dashboard 2025-02-20 6.3 Medium
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.
CVE-2022-42883 1 Expresstech 1 Quiz And Survey Master 2025-02-20 5.3 Medium
Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-44584 1 Watchtowerhq 1 Watchtower 2025-02-20 9.1 Critical
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
CVE-2022-41655 1 Algolplus 1 Phone Orders For Woocommerce 2025-02-20 4.3 Medium
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
CVE-2022-41135 1 Wpchill 1 Customizable Wordpress Gallery Plugin - Modula Image Gallery 2025-02-20 6.5 Medium
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
CVE-2023-5952 1 Welcart 1 Welcart E-commerce 2025-02-20 9.8 Critical
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
CVE-2024-55952 1 Dataease 1 Dataease 2025-02-20 8.8 High
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://ip:5432/1.xml&a= can trigger the ClassPathXmlApplicationContext construction method. The vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-21068 1 Google 1 Android 2025-02-20 7.8 High
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A
CVE-2023-21067 1 Google 1 Android 2025-02-20 7.5 High
Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A
CVE-2023-21061 1 Google 1 Android 2025-02-20 7.5 High
Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A
CVE-2023-27517 1 Intel 16 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 13 more 2025-02-20 6.6 Medium
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
CVE-2020-36666 1 E-plugins 11 Directory Pro, Final User, Fitness Trainer and 8 more 2025-02-19 8.8 High
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.
CVE-2023-0326 1 Gitlab 1 Dynamic Application Security Testing Analyzer 2025-02-19 5 Medium
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.