Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin prior to 5.0.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
Wppa.opajaap Wp-photo-album-plus 5.0.1
Wppa.opajaap Wp-photo-album-plus
Wppa.opajaap Wp-photo-album-plus 5.0.0
7.5
CVSSv2
CVE-2021-37927
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
7.5
CVSSv2
CVE-2021-37928
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
7.5
CVSSv2
CVE-2021-37929
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
7.5
CVSSv2
CVE-2021-37930
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
7.5
CVSSv2
CVE-2021-37931
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.1
3.5
CVSSv2
CVE-2021-25115
The WP Photo Album Plus WordPress plugin prior to 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
Wp Photo Album Plus Project Wp Photo Album Plus
NA
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is...
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
2 Github repositories
NA
CVE-2022-42904
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
NA
CVE-2023-49813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a up to and including 8.5.02.005.
Wp Photo Album Plus Project Wp Photo Album Plus
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »