
CVE-2024-32551 – WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32551
16 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71. The SP Project & Document Manager plugin for Wor... • https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manage-plugin-4-71-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-32439 – WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32439
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client Reports. This issue affects WP Client Reports: from n/a through 1.0.22. The WP Client Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to missing or incorrect nonce validation on the wp_client_reports_send_email_repo... • https://patchstack.com/database/vulnerability/wp-client-reports/wordpress-wp-client-reports-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-25503
https://notcve.org/view.php?id=CVE-2024-25503
04 Apr 2024 — Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function. • https://github.com/EQSTLab/CVE-2024-25503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-31118 – SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-31118
29 Mar 2024 — The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check function in versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject malicious web scripts into pages. • CWE-862: Missing Authorization •

CVE-2024-24868 – WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2024-24868
02 Feb 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69. The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via the sp_cdm_display_project_shortcode_show function in versions up to, and including, 4.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... • https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-69-contributor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-27425 – WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27425
14 Apr 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions. The Electric Studio Client Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will exe... • https://patchstack.com/database/vulnerability/electric-studio-client-login/wordpress-electric-studio-client-login-plugin-0-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0073 – Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0073
26 Jan 2023 — The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Client Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.0 due to insufficient input sanitization and output es... • https://wpscan.com/vulnerability/e5599968-a435-405a-8829-9840a2144987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-43657
https://notcve.org/view.php?id=CVE-2021-43657
22 Dec 2022 — A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields. • https://github.com/c0n5n3d/CVE-2021-43657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-23507 – Light client verification not taking into account chain ID
https://notcve.org/view.php?id=CVE-2022-23507
15 Dec 2022 — Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from... • https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2022-39397 – Exposure of sensitive information in aliyun-oss-client
https://notcve.org/view.php?id=CVE-2022-39397
22 Nov 2022 — aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. • https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •