-
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail. Go to Source
-
CVE-2025-0207 – Code-Projects Online Shoe Store SQL Injection Vulnerability
CVE ID : CVE-2025-0207 Published : Jan. 4, 2025, 1:15 p.m. | 27 minutes ago Description : A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The…
-
CVE-2025-0208 – Online Shoe Store SQL Injection Vulnerability
CVE ID : CVE-2025-0208 Published : Jan. 4, 2025, 1:15 p.m. | 27 minutes ago Description : A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate…
-
CVE-2024-12475 – “WordPress WP Multi Store Locator Stored Cross-Site Scripting Vulnerability”
CVE ID : CVE-2024-12475 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
-
CVE-2025-0206 – Code-projects Online Shoe Store Remote Unauthenticated Access Control Violation
CVE ID : CVE-2025-0206 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely.…
-
CVE-2024-12195 – WP Project Manager SQL Injection Vulnerability
CVE ID : CVE-2024-12195 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the ‘project_id’ parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions…
-
CVE-2024-12279 – Gravity Forms CSRF vulnerabilitiy allows remote attacker to inject malicious web scripts via forged request
CVE ID : CVE-2024-12279 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for…
-
CVE-2024-12221 – Turnkey bbPress by WeaverTheme WordPress Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12221 Published : Jan. 4, 2025, 10:15 a.m. | 28 minutes ago Description : The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for…
-
CVE-2025-0205 – “Code-projects Online Shoe Store SQL Injection Vulnerability”
CVE ID : CVE-2025-0205 Published : Jan. 4, 2025, 9:15 a.m. | 1 hour, 8 minutes ago Description : A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch…
-
CVE-2024-12583 – Dynamics 365 Integration Plugin for WordPress Remote Code Execution and Arbitrary File Read Vulnerability
CVE ID : CVE-2024-12583 Published : Jan. 4, 2025, 9:15 a.m. | 1 hour, 8 minutes ago Description : The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and…