Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
multiple vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1414
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the ...
Riceball Multiple Time Sheets
1 EDB exploit
9.8
CVSSv3
CVE-2023-33927
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – ...
Themeisle Multiple Page Generator
8.8
CVSSv3
CVE-2023-36514
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
Woocommerce Shipping Multiple Addresses
6.1
CVSSv3
CVE-2023-37873
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
Woocommerce Shipping Multiple Addresses
8.8
CVSSv3
CVE-2022-47143
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.
Themeisle Multiple Page Generator
8.8
CVSSv3
CVE-2021-24602
The HM Multiple Roles WordPress plugin prior to 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Hmplugin Hm Multiple Roles
4.8
CVSSv3
CVE-2023-49157
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a up to and including 1.1.1.
Andreasmuench Multiple Post Passwords
NA
CVE-2008-1415
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and previous versions allows remote malicious users to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
Riceball Multiple Time Sheets 5.0
1 EDB exploit
NA
CVE-2008-6362
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Ezonelink Multiple Membership Script 2.5
1 EDB exploit
9.8
CVSSv3
CVE-2022-0783
The Multiple Shipping Address Woocommerce WordPress plugin prior to 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections
Themehigh Multiple Shipping Addresses For Woocommerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »