CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Joomla! CMS Cross-Site Scripting Vulnerability in Module Chromes
A cross-site scripting (XSS) vulnerability has been identified in Joomla! CMS versions 4.0.0 through 4.4.9 and 5.0.0 through 5.2.2. The issue arises because various module chromes failed to properly process inputs, creating XSS vectors that could be exploited.
ABB AC500 V3 Command Execution Vulnerability via Directory Traversal
A command execution vulnerability has been identified in ABB AC500 V3 products (PM5xxx) with firmware versions prior to 3.8.0. This vulnerability arises from a directory traversal issue (CVE-2024-12429), which allows a successfully authenticated attacker to inject arbitrary commands into a specially crafted file. The injected commands are then executed by the root user.
ABB AC500 V3 Read Access Vulnerability in PM5xxx Products Prior to 3.8.0
A vulnerability in ABB's AC500 V3 PM5xxx products prior to firmware version 3.8.0 allows successfully authenticated attackers to read system-wide files and configuration. This vulnerability could be exploited to grant unauthorized read access to sensitive files.
Burria Laika Pedigree Tree Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Burria Laika Pedigree Tree WordPress plugin, affecting versions through 1.4. This vulnerability arises from improper input sanitization during web page generation, allowing malicious users to inject harmful scripts that are executed when the affected page is viewed.
WordPress 1003 Mortgage Application Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress 1003 Mortgage Application plugin, affecting versions through 1.87. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized actions or data exposure.
WordPress 1003 Mortgage Application Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the WordPress 1003 Mortgage Application plugin, specifically in versions through 1.87. This vulnerability allows exploitation of improperly configured access control, potentially enabling unprivileged users to perform actions reserved for higher privileges.
WordPress Prayer Times Anywhere Plugin Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Prayer Times Anywhere plugin, affecting versions through 2.0.1. This vulnerability allows for Stored Cross-Site Scripting, where an attacker can inject malicious scripts that are executed by users.
WordPress Quote Tweet Plugin Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Quote Tweet plugin, affecting versions through 0.7. This vulnerability allows for Stored Cross-Site Scripting (XSS) attacks, where an attacker can inject malicious scripts that are executed by users.
WordPress Ultimate Image Hover Effects Plugin DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the WordPress Ultimate Image Hover Effects plugin, affecting versions through 1.1.2. This issue arises from improper neutralization of input during web page generation, allowing malicious actors to inject and execute harmful scripts on the website.
WordPress Timeline Pro DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the WordPress Timeline Pro plugin, affecting versions through 1.3. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute harmful scripts on the site.
Scott Nellé Uptime Robot WordPress Plugin Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Scott Nellé Uptime Robot WordPress plugin, affecting versions through 0.1.3. This vulnerability allows for Stored Cross-Site Scripting, where an attacker can inject malicious scripts that are executed by users.
Bytephp Arcade Ready Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Bytephp Arcade Ready plugin for WordPress, affecting versions through 1.1. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.
Biltorvet Dealer Tools Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Biltorvet Dealer Tools WordPress plugin, affecting versions through 1.0.22. This vulnerability arises from improper neutralization of input during web page generation, enabling the injection of malicious scripts that could be executed when users visit the affected site.
Arefly WP Header Notification Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Arefly WP Header Notification plugin for WordPress, affecting versions through 1.2.7. This vulnerability arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
AazzTech WP Cookie Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the AazzTech WP Cookie plugin for WordPress, affecting versions through 1.0.0. This vulnerability allows malicious users to inject scripts that are executed when other users visit the affected site.
WordPress Able Player Plugin DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the WordPress Able Player plugin, affecting versions through 1.0. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute harmful scripts on the site.
WordPress ICS Button Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress ICS Button plugin, affecting versions through 0.6. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.
WordPress Icons Enricher Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Icons Enricher plugin, affecting versions through 1.0.8. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
WordPress Legacy ePlayer Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Legacy ePlayer plugin, affecting versions through 0.9.9. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.
Instabot WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Instabot WordPress plugin, affecting versions through 1.10. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Faaiq Pretty Url WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Faaiq Pretty Url WordPress plugin, affecting versions through 1.5.4. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WordPress Title Experiments Free Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Title Experiments Free plugin, affecting versions through 9.0.4. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Saoshyant Page Builder Missing Authorization Vulnerability Allowing Broken Access Control
A broken access control vulnerability has been identified in the Saoshyant Page Builder WordPress plugin, affecting versions through 3.8. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.
WordPress TubePress.NET Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress TubePress.NET plugin, affecting versions through 4.0.1. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WordPress mcjh Button Shortcode Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress mcjh Button Shortcode plugin, affecting versions through 1.6.4. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the site.
WPMagic News Publisher Autopilot Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPMagic News Publisher Autopilot plugin, affecting versions through 2.1.4. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WordPress Norse Rune Oracle Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Norse Rune Oracle WordPress plugin, affecting versions through 1.4.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WordPress Smoothness Slider Shortcode Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Smoothness Slider Shortcode plugin, affecting versions through 1.2.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Eric Franklin Video Embed Optimizer Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Eric Franklin Video Embed Optimizer WordPress plugin, affecting versions through 1.0.0. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
WordPress Affiliate Disclosure Statement Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Affiliate Disclosure Statement plugin, specifically in versions through 0.3. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Julien Crego Boot-Modal Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Julien Crego Boot-Modal WordPress plugin, affecting versions through 1.9.1. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
AddFunc Mobile Detect Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the AddFunc Mobile Detect WordPress plugin, affecting versions through 3.1. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
WordPress WP Github Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress WP Github plugin, affecting versions through 1.3.3. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject harmful scripts that could be executed when users visit the affected site.
WordPress ldap_login_password_and_role_manager Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress ldap_login_password_and_role_manager plugin, affecting versions through 1.0.12. This vulnerability arises from improper input neutralization during web page generation, allowing malicious actors to inject harmful scripts that are executed when the affected page is viewed.
WordPress JK Html To Pdf Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress JK Html To Pdf plugin, affecting versions through 1.0.0. This issue arises from improper input neutralization during web page generation, allowing malicious users to inject harmful scripts that are executed in the context of the user.
One Plus Solution jQuery TwentyTwenty Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the One Plus Solution jQuery TwentyTwenty WordPress plugin, affecting versions through 1.0. This vulnerability arises from improper input sanitization during web page generation, allowing malicious actors to inject harmful scripts that are executed when users visit the affected site.
WordPress Iframe to Embed Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Iframe to Embed plugin, specifically in versions through 1.2. This issue arises from improper neutralization of input during web page generation, enabling the injection of malicious scripts that are executed when users visit the affected site.
Mind Doodle Visual Sitemaps & Tasks Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Mind Doodle Visual Sitemaps & Tasks WordPress plugin, affecting versions through 1.6. This vulnerability allows attackers to inject malicious scripts that are executed when users visit the affected site.
Beautiful Templates ST Gallery WordPress Plugin Missing Authorization Vulnerability
A missing authorization vulnerability exists in the Beautiful Templates ST Gallery WordPress plugin, specifically in versions through 1.0.8. This vulnerability arises from improperly configured access control, allowing unauthorized users to exploit the issue.
Etruel Developments WP Delete Post Copies Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WP Delete Post Copies plugin by Etruel Developments, affecting versions through 5.5. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
Ofek Nakar Virtual Bot Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Ofek Nakar Virtual Bot WordPress plugin, specifically in versions through 1.0.0. This vulnerability allows for Stored Cross-Site Scripting (XSS) attacks, where malicious scripts can be injected and executed within the user's browser session.
WordPress WP Music Player SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the WordPress WP Music Player plugin, affecting versions through 1.3. This vulnerability arises from improper neutralization of special elements used in SQL commands, potentially enabling attackers to manipulate database queries and interact with the database in unauthorized ways.
WordPress Slides & Presentations Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the WordPress Slides & Presentations plugin, specifically in versions through 0.0.39. This vulnerability allows exploitation of improperly configured access control, potentially enabling unprivileged users to perform actions reserved for higher privileges.
WOOEXIM WordPress Plugin SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the WOOEXIM WordPress plugin, affecting versions through 5.0.0. This vulnerability arises from improper neutralization of special elements used in SQL commands, potentially enabling attackers to manipulate database queries and interact directly with the database. Such exploitation could lead to unauthorized data access or modification.
WordPress Simple Photo Sphere Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Simple Photo Sphere plugin, affecting versions through 0.0.10. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
WordPress Urdu Formatter – Shamil Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Urdu Formatter – Shamil plugin, affecting versions through 0.1. This vulnerability arises from improper neutralization of input during web page generation, enabling the injection of malicious scripts that could be executed when users visit the affected site.
SIOT 아임포트 결제버튼 생성 플러그인 Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the SIOT 아임포트 결제버튼 생성 플러그인, affecting versions through 1.1.19. This vulnerability arises from improper input neutralization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
WordPress WE Blocks Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress WE Blocks plugin, affecting versions through 1.3.5. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
Huurkalender WP Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Huurkalender WP plugin, affecting versions through 1.5.6. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.
WordPress Donation Block For PayPal Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Donation Block for PayPal plugin, affecting versions through 2.2.0. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.
