CVE-2022-47614

Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.

Source: CVE-2022-47614

CVE-2023-27427

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.

Source: CVE-2023-27427

CVE-2023-3304

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

Source: CVE-2023-3304

CVE-2023-28751

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.

Source: CVE-2023-28751

CVE-2023-29100

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions.

Source: CVE-2023-29100

CVE-2023-32580

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.

Source: CVE-2023-32580

CVE-2023-3303

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

Source: CVE-2023-3303

CVE-2023-3302

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

Source: CVE-2023-3302

CVE-2023-29860

An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.

Source: CVE-2023-29860

CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.

Source: CVE-2023-30258