Show filters
15 Total Results
Displaying 1-10 of 15
Sort by:
Attacker Value
Unknown
CVE-2025-23583
Disclosure Date: January 22, 2025 (last updated January 23, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership allows Reflected XSS. This issue affects Explara Membership: from n/a through 0.0.7.
0
Attacker Value
Unknown
CVE-2022-4974
Disclosure Date: October 16, 2024 (last updated October 16, 2024)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
0
Attacker Value
Unknown
CVE-2022-40700
Disclosure Date: January 19, 2024 (last updated January 31, 2024)
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n…
0
Attacker Value
Unknown
CVE-2023-39736
Disclosure Date: October 25, 2023 (last updated November 01, 2023)
The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
0
Attacker Value
Unknown
CVE-2022-2654
Disclosure Date: September 16, 2022 (last updated February 24, 2025)
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
0
Attacker Value
Unknown
CVE-2015-9394
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
0
Attacker Value
Unknown
CVE-2015-9395
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
0
Attacker Value
Unknown
CVE-2015-9392
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.
0
Attacker Value
Unknown
CVE-2015-9393
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.
0
Attacker Value
Unknown
CVE-2015-9402
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
0
