CVE-2016-10964
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.
Source: CVE-2016-10964
CVE-2016-10966
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
Source: CVE-2016-10966
CVE-2016-10957
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.
Source: CVE-2016-10957
CVE-2016-10965
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
Source: CVE-2016-10965
CVE-2016-10958
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.
Source: CVE-2016-10958
CVE-2016-10956
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
Source: CVE-2016-10956
CVE-2019-13474
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
Source: CVE-2019-13474
CVE-2017-18634
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
Source: CVE-2017-18634
CVE-2019-16170
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
Source: CVE-2019-16170