Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ron jost vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-19208
Codiad Web IDE up to and including 2.8.4 allows PHP Code injection.
Codiad Codiad
8.8
CVSSv3
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
7.2
CVSSv3
CVE-2020-29607
A file upload restriction bypass vulnerability in Pluck CMS prior to 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Pluck-cms Pluck
3 Github repositories
8.8
CVSSv3
CVE-2018-6383
Monstra CMS up to and including 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a ...
Monstra Monstra
8.8
CVSSv3
CVE-2021-24347
The SP Project & Document Manager WordPress plugin prior to 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It exists that php files...
Smartypantsplugins Sp Project & Document Manager
7.2
CVSSv3
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin prior to 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Backup-guard Backup Guard
7.2
CVSSv3
CVE-2021-24862
The RegistrationMagic WordPress plugin prior to 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
Metagauss Registrationmagic
9.8
CVSSv3
CVE-2021-24931
The Secure Copy Content Protection and Content Locking WordPress plugin prior to 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to ...
Ays-pro Secure Copy Content Protection And Content Locking
5.3
CVSSv3
CVE-2021-39327
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This a...
Ait-pro Bulletproof Security
8.8
CVSSv3
CVE-2020-35948
An issue exists in the XCloner Backup and Restore plugin prior to 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an malicious user to achieve remote code execution. The xcloner_restore.php wri...
Xcloner Xcloner
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »