CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30877 – WordPress Quiz Cat plugin <= 3.0.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-30877
27 Mar 2025 — Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8. The Quiz Cat – WordPress Quiz Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Author-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/quiz-cat/vulnerability/wordpress-quiz-cat-plugin-3-0-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24576 – WordPress Landing Page Cat plugin <= 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24576
17 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fatcat Apps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.7. The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker... • https://patchstack.com/database/wordpress/plugin/landing-page-cat/vulnerability/wordpress-landing-page-cat-plugin-1-7-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49686 – WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-49686
21 Oct 2024 — Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4. The Landing Page Cat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the custom post type added via the plugin in versions up to, and including, 1.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to edit and modify landing pages. • https://patchstack.com/database/wordpress/plugin/landing-page-cat/vulnerability/wordpress-landing-page-cat-plugin-1-7-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24788 – Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
https://notcve.org/view.php?id=CVE-2021-24788
05 Oct 2021 — The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts. El plugin Batch Cat de WordPress versiones hasta 0.3, define 3 acciones AJAX personalizadas, que requieren autenticación pero están disponibles para todos los roles. Como resultado, cualquier usuario autenticado (incluyendo los simples suscriptores) pued... • https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-13097
https://notcve.org/view.php?id=CVE-2019-13097
22 Jul 2019 — The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server. La aplicación API de Cat Runner Decorate Home versión 2.8.0 para Android, no comprueba suficientemente las entradas que son asumidas inmutables pero que en realidad son controlables externamente. Los atacantes pueden manipular los parámetros... • https://pastebin.com/WkkGk0tw • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2012-1419
https://notcve.org/view.php?id=CVE-2012-1419
21 Mar 2012 — The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. El analizador de archivos TAR en ClamAV 0.96.4 y Quick Heal (también conocido como Cat QuickHeal) 11.00 permite a atacantes remotos evitar l... • http://osvdb.org/80409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 24%CPEs: 11EXPL: 0CVE-2012-1420
https://notcve.org/view.php?id=CVE-2012-1420
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may lat... • http://osvdb.org/80403 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1421
https://notcve.org/view.php?id=CVE-2012-1421
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. El analizador de archivos TAR en Quick Heal ... • http://osvdb.org/80409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1422
https://notcve.org/view.php?id=CVE-2012-1422
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. El analizador de archivos TAR en Quick Heal (también conocido como Cat QuickHeal)... • http://osvdb.org/80409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2012-1424
https://notcve.org/view.php?id=CVE-2012-1424
21 Mar 2012 — The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. E... • http://osvdb.org/80390 • CWE-264: Permissions, Privileges, and Access Controls •