Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tms-outsource vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-0720
The Amelia WordPress plugin prior to 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who ...
Tms-outsource Amelia
6.1
CVSSv3
CVE-2022-0627
The Amelia WordPress plugin prior to 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Tms-outsource Amelia
8.8
CVSSv3
CVE-2022-0687
The Amelia WordPress plugin prior to 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager&qu...
Tms-outsource Amelia
4.3
CVSSv3
CVE-2022-0616
The Amelia WordPress plugin prior to 1.0.47 does not have CSRF check in place when deleting customers, which could allow malicious users to make a logged in admin delete arbitrary customers via a CSRF attack
Tms-outsource Amelia
8.1
CVSSv3
CVE-2021-24198
The wpDataTables – Tables & Table Charts premium WordPress plugin prior to 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are prese...
Tms-outsource Wpdatatables
8.1
CVSSv3
CVE-2021-24197
The wpDataTables – Tables & Table Charts premium WordPress plugin prior to 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are prese...
Tms-outsource Wpdatatables
6.1
CVSSv3
CVE-2019-6011
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Tms-outsource Wpdatatables Lite
7.2
CVSSv3
CVE-2019-6012
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and previous versions allows remote authenticated malicious users to execute arbitrary SQL commands via unspecified vectors.
Tms-outsource Wpdatatables Lite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2