Vulmon
insert pages project insert pages vulnerabilities and exploits
356
VMScore
CVE-2021-24851
The Insert Pages WordPress plugin prior to 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode. Password protected posts/pages are not affected by such...
Insert Pages Project Insert Pages
570
VMScore
CVE-2017-18586
The insert-pages plugin prior to 3.2.4 for WordPress has directory traversal via custom template paths.
Insert Pages Project Insert Pages
312
VMScore
CVE-2021-24850
The Insert Pages WordPress plugin prior to 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom ...
Insert Pages Project Insert Pages
NA
CVE-2022-4483
The Insert Pages WordPress plugin prior to 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used aga...
Insert Pages Project Insert Pages
641
VMScore
CVE-2021-3543
A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that Enclaves VMs force closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
Nitro Enclaves Project Nitro Enclaves
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
383
VMScore
CVE-2007-6611
Cross-site scripting (XSS) vulnerability in view.php in Mantis prior to 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via a filename, related to bug_report.php.
Mantis Mantis
445
VMScore
CVE-2006-6574
Mantis prior to 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote malicious users to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Mantis Mantis 1.0.6
Mantis Mantis 1.0.2
Mantis Mantis 1.0.4
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0
Mantis Mantis 1.0.1
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.5
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.0 Rc5
Mantis Mantis