129 Total Results
Displaying 1-10 of 129
Attacker Value
High
CVE-2021-42258
Disclosure Date: October 22, 2021 (last updated February 23, 2025)
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
3
Attacker Value
Unknown
CVE-2025-24705
Disclosure Date: January 24, 2025 (last updated February 27, 2025)
Missing Authorization vulnerability in Arshid WooCommerce Quick View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Quick View: from n/a through 1.1.1.
0
Attacker Value
Unknown
CVE-2025-23932
Disclosure Date: January 22, 2025 (last updated February 27, 2025)
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00.
0
Attacker Value
Unknown
CVE-2024-54344
Disclosure Date: December 13, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop allows Reflected XSS. This issue affects WP Quick Shop: from n/a through 1.3.1.
0
Attacker Value
Unknown
CVE-2023-31214
Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Quick Post Duplicator: from n/a through 2.0.
0
Attacker Value
Unknown
CVE-2023-25714
Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Paypal Payments: from n/a through 5.7.25.
0
Attacker Value
Unknown
CVE-2023-25035
Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Contact Form: from n/a through 8.0.3.1.
0
Attacker Value
Unknown
CVE-2023-23975
Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Event Manager: from n/a through 9.7.4.
0
Attacker Value
Unknown
CVE-2024-5020
Disclosure Date: December 04, 2024 (last updated February 27, 2025)
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2024-11805
Disclosure Date: December 03, 2024 (last updated February 27, 2025)
The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
0