Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insert pages project insert pages vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4483
The Insert Pages WordPress plugin prior to 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used aga...
Insert Pages Project Insert Pages
3.5
CVSSv2
CVE-2021-24850
The Insert Pages WordPress plugin prior to 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom ...
Insert Pages Project Insert Pages
4
CVSSv2
CVE-2021-24851
The Insert Pages WordPress plugin prior to 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such...
Insert Pages Project Insert Pages
6.4
CVSSv2
CVE-2017-18586
The insert-pages plugin prior to 3.2.4 for WordPress has directory traversal via custom template paths.
Insert Pages Project Insert Pages
7.2
CVSSv2
CVE-2021-3543
A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
Nitro Enclaves Project Nitro Enclaves
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
4.3
CVSSv2
CVE-2007-6611
Cross-site scripting (XSS) vulnerability in view.php in Mantis prior to 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via a filename, related to bug_report.php.
Mantis Mantis
5
CVSSv2
CVE-2006-6574
Mantis prior to 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote malicious users to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.6
Mantis Mantis
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.2
Mantis Mantis 1.0.3
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.0 Rc5
Mantis Mantis 1.0.4
Mantis Mantis 1.0.5
Mantis Mantis 1.0.0
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started