| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows PHP Local File Inclusion.This issue affects Ultimate Classified Listings: from n/a through <= 1.7. |
| Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through <= 1.6.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection.This issue affects Buying Buddy IDX CRM: from n/a through <= 1.2.8. |
| Deserialization of Untrusted Data vulnerability in ModelTheme QRMenu Restaurant QR Menu Lite qrmenu-lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through <= 1.0.4. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.1.3. |
| Missing Authentication for Critical Function vulnerability in deco.agency de:branding debranding allows Privilege Escalation.This issue affects de:branding: from n/a through <= 1.0.2. |
| Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through <= 1.0.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal Post SMTP post-smtp allows Blind SQL Injection.This issue affects Post SMTP: from n/a through <= 2.9.9. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages.This issue affects WPDM – Premium Packages: from n/a through <= 6.0.5. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Peter Ads Booster by Ads Pro free-wp-booster-by-ads-pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through <= 1.12. |
| Cross-Site Request Forgery (CSRF) vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through <= 1.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through <= 2.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CactusThemes Gameplan gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through <= 1.5.10. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes ReConstruction reconstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through <= 1.4.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through <= 1.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in mikeage Hebrew Date hebrewdates allows Stored XSS.This issue affects Hebrew Date: from n/a through <= 2.1.0. |
| Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.1.2. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through <= 1.1. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through <= 0.3.0. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway | globe-gateway-e4.This issue affects Global Gateway e4 | Payeezy Gateway |: from n/a through <= 2.0. |