CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28166 – WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28166
14 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. The Tags Cloud Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, if they can successfully trick a user into ... • https://patchstack.com/database/vulnerability/tags-cloud-manager/wordpress-tags-cloud-manager-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43462 – WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2022-43462
24 Oct 2022 — Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. Vulnerabilidad de inyección SQL (SQLi) autenticada en el complemento IP Blacklist Cloud de Adeel Ahmed <= versiones 5.00. The IP Blacklist Cloud plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.00 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42462 – WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-42462
24 Oct 2022 — Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. Vulnerabilidad de Cross-Site Scripting (XSS) autenticada almacenada en el complemento IP Blacklist Cloud de Adeel Ahmed <= versiones 5.00. The IP Blacklist Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36417 – WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36417
22 Sep 2022 — Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. Una vulnerabilidad múltiple de tipo Cross-Site Scripting (XSS) por medio de un ataque de tipo Cross-Site Request Forgery (CSRF) en el plugin 3D Tag Cloud versiones anteriores a 3.8 incluyéndola en WordPress. The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8. This is due to missing or incorrect nonce va... • https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-multiple-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2664 – Private Cloud Management Platform POST Request global_config_query improper authentication
https://notcve.org/view.php?id=CVE-2022-2664
05 Aug 2022 — A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. • https://vuldb.com/?id.205614 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2412 – Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2412
18 Jul 2022 — The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) El plugin Better Tag Cloud de WordPress versiones hasta 0.99.5, no sanea y escapa de algunos de sus ajustes, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-... • https://wpscan.com/vulnerability/fc384cea-ae44-473c-8aa9-a84a2821bdc6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46200
https://notcve.org/view.php?id=CVE-2021-46200
21 Jan 2022 — An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Simple Music Clour Community System versión 1.0, por medio del parámetro email en el archivo /music/ajax.php • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Simple-Music-Cloud-Community-System • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21139
https://notcve.org/view.php?id=CVE-2020-21139
04 Nov 2021 — EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. Se ha detectado que EC Cloud E-Commerce System versión v1.3, contiene una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) que permite a atacantes añadir arbitrariamente cuentas de administrador por medio de /admin.html?do=user&act=add • https://github.com/Ryan0lb/EC-cloud-e-commerce-system-CVE-application/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13519
https://notcve.org/view.php?id=CVE-2018-13519
09 Jul 2018 — The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. La función mintToken de una implementación de contrato inteligente para DigitalCloudToken, un token de Ethereum, tiene un desbordamiento de enteros que permite al propietario del contrato establecer cualquier valor para el balance de un usuario arbitrario. • https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md • CWE-190: Integer Overflow or Wraparound •