| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. |
| The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts. |
| The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks. |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. |
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. |
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. |
| Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. |
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. |
| Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. |
| Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. |
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. |
| Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. |
| Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions. |
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. |
| Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions. |
| Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. |
| Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. |
| Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions. |
| Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. |
