WordPress Gwolle Guestbook plugin version 2.5.3 suffers from a cross site scripting vulnerability.
0102adc89a526756f71376d8ca8b12e0af203e535a067eed6ad082c80015d2a0
WordPress Strong Testimonials plugin version 2.31.4 suffers from a cross site scripting vulnerability.
29e3e61c5bb4cc522ae61f3fdbf89e035d73bfa6c4c7ed5ee78b79874121d335
WordPress Snazzy Maps plugin versions 1.1.3 and below suffer from a cross site scripting vulnerability.
69d9372e1f11eb13779812a45773c8c5799eb581c2d4f0a43fdac8c63bc11aac
WordPress WP Google Map plugin versions 4.0.4 and below suffer from remote SQL injection vulnerabilities.
47845a0de05723fa22908baa8f1387f03dc2b7a10302916bf08f5d96fc9dd027
WordPress Ultimate Form Builder Lite versions 1.3.7 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
94336025653173391ac5889e704bcfd91b865bf11182e68e4e9264480f585de8
WordPress Contact Form Maker plugin versions 1.12.20 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
6b69b22bcc4cf5af62f351dcfe1d610cce1dc958b7caf6c12697c2a54a3e9c7d
WordPress Form Maker plugin versions 1.12.24 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
3131d3f173b1933fc4dabd940dc3fd7fa471504c3704fbfd5ced31130a9aa0fb
Magento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
549e235e03ef0bdbe9eea05a3e1bd3f340f29761c9abdad73f4036142c0591e3
Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
1bbd2c7b993ffcb1a4ef9c205272274661f6065ff4e313cd2057ced8ea75d918
Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
6d870f518782a4d674caa1e656efd73fa25831cbd1426facfd575d0b2defcd72
Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
8655d134ed2747f6351bd7d013f6487b55c2509759a2cba576f6d2143f46f59d
PureVPN versions 5.19.4.0 and below suffer from a privilege escalation vulnerability.
f01935ae5539d9a66d7d09ee0ec64486230558bc46f1e918ef59cf2148cdaa26
SugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.
bc4cc7bf63d53a27a1eb576d08fe29628ea8da32f5518c5c866e31065558a8a7
WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.
4843ea7190a8b03ec20a9232c6f5a6ded3adba6e253edb278b67f49e681f02b0
WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.
969899dce42308e6793f299ffa4d732c1287d84bb8b4576223cafa7d5fed6dce
WordPress Dbox 3D Slide Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.
5528cd5d06c970cf9130914fc542c9f448c79f182518089b7000c271a6fad1db
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
646173f5e81a1f63cb65e0e58738fb57ac62c8835c609e27e0a0a795b6dbd637
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
ae6b1807725083901c6a9501a476db389ad391985032e1b233e714bc82349172
WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.
491e52f7852755e7029e0188400d67003a5d9a69543fdd91e42c7ab58563697f
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.
4dca75cd604be2d9ee5f59b3df5a6b97e028b213c809e41dec3862eafa62e6c7
WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.
fe442cde72653defe51ab63edea37018252e0e898b0851ee4a61c92bdfdc035c
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
4d32bf78790a47b612f73e6f5369bdb54efc47178d31a6a5c2caee2287e9d34f
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
8d86ea8e9eb75bb36c388fcd274b7cd6fb4431c98f0098e80d1cb745bb4f4af9
WordPress Podlove Podcast Publisher plugin versions 2.5.3 and below suffer from a remote SQL injection vulnerability.
dc7e4831715fbb93ca6ee18c38fa2fb87560853f28673c4b78848d8a2c9b707e
WordPress PressForward plugin versions 4.3.0 and below suffer from a cross site scripting vulnerability.
9149d5fd6fd493f3e94be2c3cc8a6fe5c63013bed56d64669eb18d0a79c6e30b