WordPress Gwolle Guestbook plugin version 2.5.3 suffers from a cross site scripting vulnerability.
b23bc2a383b6cc1c5ccefb6963683971
WordPress Strong Testimonials plugin version 2.31.4 suffers from a cross site scripting vulnerability.
a133893c4212712101407d506a534550
WordPress Snazzy Maps plugin versions 1.1.3 and below suffer from a cross site scripting vulnerability.
6a5b64bad9af84f0198e0b9105045392
WordPress WP Google Map plugin versions 4.0.4 and below suffer from remote SQL injection vulnerabilities.
2456732033e558ec555c1b594d000411
WordPress Ultimate Form Builder Lite versions 1.3.7 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
4147f9e58f55a85f9e33e394450a0f3a
WordPress Contact Form Maker plugin versions 1.12.20 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
d08badfbc380bef4839f1e6faaf47b7e
WordPress Form Maker plugin versions 1.12.24 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
222b8b4c330c800a4f881ec057b14e4f
Magento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
d73101b6b0b0b0f02a6ec88ff295af50
Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
f77d1da16377bd36480710245f667fb2
Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
0adaddcd0d7b534ec114223d7660feb1
Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
91c1b88ab3d81c67800e22cebc73902e
PureVPN versions 5.19.4.0 and below suffer from a privilege escalation vulnerability.
bc09db910165ef220d5ab399ca475c2d
SugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.
2ab4e697942a1f1e39de181287dee068
WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.
171fbf4af364b138825c12c2a1ba6464
WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.
3ca8963a8f503e09a95c667231a768d8
WordPress Dbox 3D Slide Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.
396bea3f46a47c839564e82ee3df2688
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
fd4e207ff9fc3d6be29efbcdeb30fa9e
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
89af3a8114d77b162a390a6d6b1874e9
WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.
ee588dbd58069595df55af0f7982b6d0
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.
a02c1bb177145fdea032f28a60278396
WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.
80eca9af5e5ecacd33c8d526809fd7a8
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
b8e9abcbfbba8f6e6349871a393da400
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
6fac5f12b988c5d618dd41e90f4d5591
WordPress Podlove Podcast Publisher plugin versions 2.5.3 and below suffer from a remote SQL injection vulnerability.
7644c1e718ad96e70260bb88694784a8
WordPress PressForward plugin versions 4.3.0 and below suffer from a cross site scripting vulnerability.
c1bc43011a404f94f827c88a862b2af5