|
CVE-2021-34619
|
Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin |
StoreApps |
WooCommerce Stock Manager |
2021-06-14 08:23:03 UTC |
Wordfence |
|
CVE-2021-24370
|
Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE |
Unknown |
Fancy Product Designer |
2021-06-01 08:59:19 UTC |
Wordfence |
|
CVE-2021-24175
|
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass |
Unknown |
The Plus Addons for Elementor Page Builder |
2021-04-05 18:27:44 UTC |
CVE |
|
CVE-2021-24217
|
Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain |
Unknown |
Facebook for WordPress |
2021-03-25 07:17:45 UTC |
Wordfence |
|
CVE-2021-24219
|
All Thrive Themes and Plugins - Unauthenticated Option Update |
Thrive Themes |
Thrive Optimize, Thrive Comments, Thrive Headline Optimizer, Thrive Leads, Thrive Ultimatum, Thrive Quiz Builder, Thrive Apprentice, Thrive Visual Editor, Thrive Dashboard, Thrive Ovation, Thrive Clever Widgets, Rise by Thrive Themes, Ignition by Thrive Themes, Luxe by Thrive Themes, FocusBlog by Thrive Themes, Minus by Thrive Themes, Squared by Thrive Themes, Voice, Performag by Thrive Themes, Pressive by Thrive Themes, Storied by Thrive Themes, Thrive Themes Builder |
2021-03-24 10:36:04 UTC |
Wordfence |
|
CVE-2021-24170
|
User Profile Picture < 2.5.0 - Sensitive Information Disclosure |
Unknown |
User Profile Picture |
2021-03-03 06:33:07 UTC |
Wordfence |
|
CVE-2021-3122
|
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to... |
NCR |
Command Center Agent |
2021-02-07 19:45:03 UTC |
CVE |
|
CVE-2021-3006
|
The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows... |
Seal Finance |
Seal |
2021-01-03 05:49:30 UTC |
CVE |
|
CVE-2020-35234
|
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker... |
WordPress |
easy-wp-smtp plugin |
2020-12-14 02:21:44 UTC |
CVE |
|
CVE-2020-26876
|
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by... |
WordPress |
wp-courses plugin |
2020-10-07 16:56:25 UTC |
CVE |
|
CVE-2020-35948
|
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify... |
watchful.li |
XCloner Backup and Restore |
2020-09-22 13:28:02 UTC |
Wordfence |
|
CVE-2020-35949
|
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to... |
WordPress |
Quiz and Survey Master plugin |
2020-08-13 12:09:59 UTC |
Wordfence |
|
CVE-2020-35945
|
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with... |
Elegant Themes |
Divi |
2020-08-04 05:57:42 UTC |
Wordfence |
|
CVE-2020-15129
|
Open redirect in Traefik |
containous |
traefik |
2020-07-30 15:20:15 UTC |
CVE |
|
CVE-2020-24186
|
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to... |
gVectors |
wpDiscuz |
2020-07-28 14:15:03 UTC |
Wordfence |
|
CVE-2020-13125
|
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in... |
Brainstorm Force |
Ultimate Addons for Elementor |
2020-05-17 00:39:00 UTC |
CVE |
|
CVE-2020-13126
|
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with... |
Elementor |
Elementor Pro |
2020-05-17 00:38:37 UTC |
CVE |
|
CVE-2020-12075
|
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. |
supsystic.com |
data-tables-generator-by-supsystic |
2020-03-24 07:10:05 UTC |
Wordfence |
|
CVE-2014-8739
|
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative... |
jQuery |
File Upload Plugin |
2020-02-08 17:21:54 UTC |
CVE |
|
CVE-2020-8417
|
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. |
Code Snippets |
Code Snippets plugin for WordPress |
2020-01-28 14:27:48 UTC |
Wordfence |
|
CVE-2020-6167
|
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject... |
WordPress |
Minimal Coming Soon & Maintenance Mode plugin |
2020-01-08 11:25:14 UTC |
Wordfence |
|
CVE-2019-19915
|
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or... |
WordPress |
301 Redirects - Easy Redirect Manager |
2019-12-19 10:20:28 UTC |
Wordfence |
|
CVE-2019-17049
|
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. |
NETGEAR |
SRX5308 |
2019-09-30 18:37:21 UTC |
CVE |
|
CVE-2018-18472
|
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the... |
Western Digital |
WD My Book Live, WD My Book Live Duo |
2019-06-19 15:44:20 UTC |
CVE |
|
CVE-2018-18852
|
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use... |
Cerio |
DT-300N |
2019-06-18 15:00:32 UTC |
CVE |