SQL Injection at Nadha Laundry v3.2.1
We found SQL Injection in Nadha Laundry v3.2.1, a Laundry Management App by NadhaMedia.
We found SQL Injection in Nadha Laundry v3.2.1, a Laundry Management App by NadhaMedia.
There are multiple vulnerabilities in Nadha Resto v3.2.0, a Restaurant Management App.
There are multiple vulnerabilities in POS Codekop v2.0, a simple web-based sales application using PHP & MYSQL.
There are Parameter Tampering and HTML Injection vulnerabilities in the RegistrationMagic WordPress Plugin version 5.1.9.2 and earlier.
There are XSS and CSRF vulnerabilities in the Leyka WordPress Plugin version 3.29.2 and earlier.
The Landing Page Builder plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.1.9.8 via the ‘lpp_template_select’ p...
The Axcora POS software has a broken authentication issue that could allow unauthenticated users to create, update, or delete products. Additionally, since u...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS).
WordPress WP Time Slots Booking Form Plugin <= 1.1.82 is vulnerable to Broken Access Control.
WordPress Very Simple Google Maps Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS).
WordPress WP Flipclock Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS).
The plugin does not escape the user input, which could allow high-privileged users to perform Cross-Site Scripting attacks.
The plugin does not escape the user input, which could allow high-privileged users to perform Cross-Site Scripting attacks.
WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
There is SQL Injection vulnerability at Bang Resto 1.0.
Unauthenticated user able to add admin account due to missing CSRF protection at Helmet Store Showroom v1.0.
Search page at Helmet Store Showroom v1.0 does not escape the search value, which could allow non-privileged users to perform Cross-Site Scripting attacks.
Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header.
The plugin does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
Recap of 2023: What I’ve Accomplished and My Goals for Next Year.