Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
text vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-3356
The Subscribers Text Counter WordPress plugin prior to 1.7.1 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of ...
Kreci Subscribers Text Counter
7.8
CVSSv3
CVE-2017-8368
Sublime Text 3 Build 3126 allows user-assisted malicious users to cause a denial of service or possibly have unspecified other impact via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined...
Sublimetext Sublime Text 3 -
9.8
CVSSv3
CVE-2019-13187
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
Symphonyextensions Rich Text Formatter
NA
CVE-2008-5486
SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Turnkeyforms Text Link Sales
1 EDB exploit
NA
CVE-2008-5487
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Turnkeyforms Text Link Sales
1 EDB exploit
4.8
CVSSv3
CVE-2021-24607
The Storefront Footer Text WordPress plugin up to and including 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.
Wooassist Storefront Footer Text
7.8
CVSSv3
CVE-2019-16253
The Text-to-speech Engine (aka SamsungTTS) application prior to 3.0.02.7 and 3.0.00.101 for Android allows a local malicious user to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.
Samsung Text-to-speech
8 Github repositories
7.5
CVSSv3
CVE-2023-3894
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of serv...
Fasterxml Jackson-dataformats-text
5.4
CVSSv3
CVE-2023-5745
The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...
Halgatewood Reusable Text Blocks
6.1
CVSSv3
CVE-2023-0602
The Twittee Text Tweet WordPress plugin up to and including 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.
Johnniejodelljr Twittee Text Tweet
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »