CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24576 – WordPress Landing Page Cat plugin <= 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24576
17 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fatcat Apps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.7. The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker... • https://patchstack.com/database/wordpress/plugin/landing-page-cat/vulnerability/wordpress-landing-page-cat-plugin-1-7-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49686 – WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-49686
21 Oct 2024 — Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4. The Landing Page Cat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the custom post type added via the plugin in versions up to, and including, 1.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to edit and modify landing pages. • https://patchstack.com/database/wordpress/plugin/landing-page-cat/vulnerability/wordpress-landing-page-cat-plugin-1-7-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24788 – Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
https://notcve.org/view.php?id=CVE-2021-24788
05 Oct 2021 — The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts. El plugin Batch Cat de WordPress versiones hasta 0.3, define 3 acciones AJAX personalizadas, que requieren autenticación pero están disponibles para todos los roles. Como resultado, cualquier usuario autenticado (incluyendo los simples suscriptores) pued... • https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-13097
https://notcve.org/view.php?id=CVE-2019-13097
22 Jul 2019 — The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server. La aplicación API de Cat Runner Decorate Home versión 2.8.0 para Android, no comprueba suficientemente las entradas que son asumidas inmutables pero que en realidad son controlables externamente. Los atacantes pueden manipular los parámetros... • https://pastebin.com/WkkGk0tw • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 97%CPEs: 11EXPL: 0CVE-2012-1442
https://notcve.org/view.php?id=CVE-2012-1442
21 Mar 2012 — The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into mu... • http://osvdb.org/80426 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 97%CPEs: 12EXPL: 0CVE-2012-1463
https://notcve.org/view.php?id=CVE-2012-1463
21 Mar 2012 — The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be... • http://osvdb.org/80426 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 97%CPEs: 4EXPL: 0CVE-2012-1421
https://notcve.org/view.php?id=CVE-2012-1421
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. El analizador de archivos TAR en Quick Heal ... • http://osvdb.org/80409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 96%CPEs: 8EXPL: 0CVE-2012-1460
https://notcve.org/view.php?id=CVE-2012-1460
21 Mar 2012 — The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. E... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 96%CPEs: 6EXPL: 0CVE-2012-1426
https://notcve.org/view.php?id=CVE-2012-1426
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. El analizador de a... • http://osvdb.org/80406 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 89%CPEs: 2EXPL: 0CVE-2012-1419
https://notcve.org/view.php?id=CVE-2012-1419
21 Mar 2012 — The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. El analizador de archivos TAR en ClamAV 0.96.4 y Quick Heal (también conocido como Cat QuickHeal) 11.00 permite a atacantes remotos evitar l... • http://osvdb.org/80409 • CWE-264: Permissions, Privileges, and Access Controls •