Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tms-outsource vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-4314
The wpDataTables WordPress plugin prior to 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the...
Tms-outsource Wpdatatables
5.4
CVSSv3
CVE-2023-23876
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.
Tms-outsource Wpdatatables
4.8
CVSSv3
CVE-2022-29432
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable...
Tms-outsource Wpdatatables
6.1
CVSSv3
CVE-2023-29427
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.
Tms-outsource Amelia
8.8
CVSSv3
CVE-2022-0687
The Amelia WordPress plugin prior to 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager&qu...
Tms-outsource Amelia
8.1
CVSSv3
CVE-2021-24197
The wpDataTables – Tables & Table Charts premium WordPress plugin prior to 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are prese...
Tms-outsource Wpdatatables
8.1
CVSSv3
CVE-2021-24198
The wpDataTables – Tables & Table Charts premium WordPress plugin prior to 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are prese...
Tms-outsource Wpdatatables
5.4
CVSSv3
CVE-2022-0825
The Amelia WordPress plugin prior to 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the pers...
Tms-outsource Amelia
5.4
CVSSv3
CVE-2022-0837
The Amelia WordPress plugin prior to 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment hist...
Tms-outsource Amelia
6.1
CVSSv3
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions before 1.0.76 allows a remote unauthenticated malicious user to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed ...
Tms-outsource Amelia
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »