Search CVE reports
21 – 30 of 360 results
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 102
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...
11 affected packages
node-moment, gnucash, mediawiki, ntopng, odoo...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-moment | Not affected | Fixed | Fixed | Fixed |
gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
odoo | Needs evaluation | Needs evaluation | Not in release | Not in release |
omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
postfixadmin | Vulnerable | Fixed | Not affected | Not affected |
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due...
2 affected packages
wordpress, zephyr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
zephyr | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there’s potential for unintended SQL queries to...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or...
1 affected package
wordpress
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |