CVE-2022-36551 Server Side Request Forgery in Data Import in Heartex Community Edition 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system.
On Oct 29, 2018, version 1.5.0 of the Data Import module was released. This version is no longer supported. However, it is still
CVE-2021-36865 - Understanding and Exploiting the IDOR Vulnerability in ExpressTech Quiz And Survey Master Plugin (<= 7.3.4)
WordPress has long been the platform of choice for bloggers, small businesses, and web developers looking for flexible plugin options. But with popularity comes risk—
CVE-2021-36855 An XSS vulnerability in the Booking Ultra Pro plugin = 1.1.4 for WordPress that is caused by CSRF.
The PoC exploit code is - Injecting XSS via CSRF. Reflected XSS via CSRF vulnerability can lead to serious security vulnerabilities in WordPress. The WordPress
CVE-2021-36839 Stored XSS vulnerability in the Social Media Follow Buttons Bar plugin 4.73 and earlier.
The vulnerability exists due to lack of proper validation of user input by the plugin. An attacker can leverage this vulnerability to perform cross-site scripting
CVE-2021-36854 The Booking Ultra Pro plugin has 4 CSRF vulnerabilities.
These are critical vulnerabilities, as an attacker can perform any action on your website, like changing the password of a booking user or adding a booking user as