
CVE-2024-58103
https://notcve.org/view.php?id=CVE-2024-58103
16 Mar 2025 — Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt. • https://github.com/square/wire/commit/b90e60c09befaff836a2fc2ee4d678451b2ec75d • CWE-674: Uncontrolled Recursion •

CVE-2024-47338 – WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-47338
26 Sep 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3. The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenti... • https://patchstack.com/database/vulnerability/wpexperts-square-for-give/wordpress-wpexperts-square-for-givewp-plugin-1-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-49851 – WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability
https://notcve.org/view.php?id=CVE-2023-49851
07 Dec 2023 — Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Square Thumbnails: from n/a through 1.1.1. The Square Thumbnails plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sqt_settings_save() function in versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update the plugin's settings. • https://patchstack.com/database/wordpress/plugin/square-thumbnails/vulnerability/wordpress-square-thumbnails-plugin-1-1-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-30486 – WordPress Square theme <= 2.0.0 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-30486
13 Apr 2023 — Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Square: from n/a through 2.0.0. The Square theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function called via an AJAX action in versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugi... • https://github.com/RandomRobbieBF/CVE-2023-30486 • CWE-862: Missing Authorization •

CVE-2020-36645 – square squalor sql injection
https://notcve.org/view.php?id=CVE-2020-36645
07 Jan 2023 — A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. • https://github.com/square/squalor/commit/f6f0a47cc344711042eb0970cb423e6950ba3f93 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2018-7295
https://notcve.org/view.php?id=CVE-2018-7295
23 May 2018 — ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3. • https://raw.githubusercontent.com/WizardShotTheFood/advisories/master/CVE-2018-7295.txt • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •

CVE-2018-8820 – Square 9 GlobalForms 6.2.x Blind SQL Injection
https://notcve.org/view.php?id=CVE-2018-8820
28 Mar 2018 — An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. • https://packetstorm.news/files/id/146942 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2014-7259
https://notcve.org/view.php?id=CVE-2014-7259
05 Dec 2014 — SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. • http://jvn.jp/en/jp/JVN24909891/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2008-6965 – AJ Auction - Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-6965
13 Aug 2009 — AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly... • https://www.exploit-db.com/exploits/7087 • CWE-287: Improper Authentication •

CVE-2008-6966 – AJ Auction - Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-6966
13 Aug 2009 — AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. • https://www.exploit-db.com/exploits/7087 • CWE-264: Permissions, Privileges, and Access Controls •