Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin prior to 5.0.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
Wppa.opajaap Wp-photo-album-plus 5.0.1
Wppa.opajaap Wp-photo-album-plus
Wppa.opajaap Wp-photo-album-plus 5.0.0
NA
CVE-2023-35786
Zoho ManageEngine ADManager Plus prior to 7183 allows admin users to exploit an XXE issue to view files.
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
NA
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is...
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
2 Github repositories
3.5
CVSSv2
CVE-2021-25115
The WP Photo Album Plus WordPress plugin prior to 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
Wp Photo Album Plus Project Wp Photo Album Plus
NA
CVE-2023-31492
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
NA
CVE-2015-10107
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 ...
Simplr Registration Form Plus\\+ Project Simplr Registration Form Plus\\+
7.5
CVSSv2
CVE-2021-37422
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.1
4.3
CVSSv2
CVE-2020-35594
Zoho ManageEngine ADManager Plus prior to 7066 allows XSS.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.0
6.5
CVSSv2
CVE-2020-35682
Zoho ManageEngine ServiceDesk Plus prior to 11134 allows an Authentication Bypass (only during SAML login).
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 11.1
1 Github repository
6.5
CVSSv2
CVE-2022-24978
Zoho ManageEngine ADAudit Plus prior to 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »