CVE-2024-5827
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbit…
All CVEs associated with "PHP". Page 82/312 • 37341 CVEs.
A curated feed of “PHP”-related CVEs appears below. We currently track 37341 CVEs for this tag (all time). In the last 365 days, 6038 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Vulnerabilities in language runtimes and libraries cascade through dependency graphs. Upgrade the runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Each detail page highlights vendor advisories and mitigation tips.
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is re…
Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue aff…
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames:…
A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Su…
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.
A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation…
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argumen…
A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file cont…
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back.…
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The r…
A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation…
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and inject…
PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service i…
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulti…
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulti…
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uplo…
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on th…
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The ma…
A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file examresults-par.php of th…
A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file subject.php of…
A vulnerability, which was classified as critical, was found in lahirudanushka School Management System 1.0.0/1.0.1. Affected is an unknown function of the file student.php of the component Student P…
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. This issue affects some unknown processing of the file teacher.php of the com…
A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. T…
A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. This affects an unknown part of the file /attendancelist.php of the component Attendance…
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. T…
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the compone…
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of…
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.…
A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation…
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the compon…
This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the databas…
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion. This issue affects Word Balloon: from n/a through 4…
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.1…
The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic…
A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The m…
A vulnerability classified as critical was found in SourceCodester Food Ordering Management System 1.0. Affected by this vulnerability is an unknown functionality of the file user-router.php. The man…
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file add-users.php. The manipulation of the argumen…
A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file view-ticket-admin.php. The…
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-l…
A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation o…
A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file login.php of the component Login Pa…
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The ma…
Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' param…
A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation…
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The man…
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the…
A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipula…
A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulatio…
A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation o…
A vulnerability was found in itsourcecode Farm Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login.…
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument…
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument a…
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The ma…
A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipula…
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated atta…
A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manip…
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions…
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of inpu…
In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a triv…
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed wi…
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffers from a…
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with…
In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontCo…
In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleF…
SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions…
The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authent…
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details'…
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. Th…
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in…
CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php.
CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php.
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_roo…
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The m…
A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipula…
A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the…
A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argum…
A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file co…
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php.…
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, wit…
A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file…
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The mani…
A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Opti…
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of th…
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the a…
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML…
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload…
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the Lesso…
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php.
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php.
SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component.
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php.
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component.
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php.
StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.
PHPVOD v4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /view/admin/view.php.
StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php.
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the a…
A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The m…
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The mani…
A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.ph…
A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulati…
A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id lead…
A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argume…
A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipula…
A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument…
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. Th…
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This…
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Thi…
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode…
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify'…
The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes i…