Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption an...
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.