Nadha Resto v3.2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in Nadha Resto v3.2.0, a Restaurant Management App.
Posts by Tag
- XSS 10
- Injection 4
- CSRF 4
- SQLi 3
- Broken Auth 3
- SQL Injection 2
- BAC 1
- LFI 1
- HTML Injection 1
- Parameter Tampering 1
- RCE 1
XSS
POS Codekop v2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in POS Codekop v2.0, a simple web-based sales application using PHP & MYSQL.
Leyka WordPress Plugin Multiple Vulnerabilities
There are XSS and CSRF vulnerabilities in the Leyka WordPress Plugin version 3.29.2 and earlier.
CVE-2023-23979 - Quick Event Manager <= 9.7.4 Unauthenticated Stored Cross Site Scripting
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-23864 - Very Simple Google Maps <= 2.8.4 Contributor+ Cross Site Scripting
WordPress Very Simple Google Maps Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-23728 - WP Flipclock <= 1.7.4 Contributor+ Cross Site Scripting
WordPress WP Flipclock Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-23722 - WP eBay Product Feeds <= 3.3.1 Admin+ Stored Cross-Site Scripting
The plugin does not escape the user input, which could allow high-privileged users to perform Cross-Site Scripting attacks.
CVE-2023-23718 - Page Loading Effects <= 2.0.0 Admin+ Stored Cross-Site Scripting
The plugin does not escape the user input, which could allow high-privileged users to perform Cross-Site Scripting attacks.
CVE-2022-46073 - Helmet Store Showroom v1.0 Reflected XSS
Search page at Helmet Store Showroom v1.0 does not escape the search value, which could allow non-privileged users to perform Cross-Site Scripting attacks.
CVE-2022-3074 - Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting
The plugin does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
Injection
CVE-2022-46443 - Bang Resto v1.0 Authenticated SQL Injection
There is SQL Injection vulnerability at Bang Resto 1.0.
CVE-2022-46072 - Helmet Store Showroom v1.0 Unauthenticated SQL Injection
Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.
CVE-2022-46071 - Helmet Store Showroom v1.0 Login Page SQL Injection
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
CVE-2022-38796 - Feehi CMS 2.1.1 Host Header Injection
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header.
CSRF
POS Codekop v2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in POS Codekop v2.0, a simple web-based sales application using PHP & MYSQL.
Leyka WordPress Plugin Multiple Vulnerabilities
There are XSS and CSRF vulnerabilities in the Leyka WordPress Plugin version 3.29.2 and earlier.
CVE-2023-22714 - Coming Soon by Supsystic <= 1.7.10 Cross Site Request Forgery
WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2022-46074 - Helmet Store Showroom v1.0 Cross Site Request Forgery
Unauthenticated user able to add admin account due to missing CSRF protection at Helmet Store Showroom v1.0.
SQLi
CVE-2022-46443 - Bang Resto v1.0 Authenticated SQL Injection
There is SQL Injection vulnerability at Bang Resto 1.0.
CVE-2022-46072 - Helmet Store Showroom v1.0 Unauthenticated SQL Injection
Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.
CVE-2022-46071 - Helmet Store Showroom v1.0 Login Page SQL Injection
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
Broken Auth
Nadha Resto v3.2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in Nadha Resto v3.2.0, a Restaurant Management App.
POS Codekop v2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in POS Codekop v2.0, a simple web-based sales application using PHP & MYSQL.
Axcora POS #0~gitf77ec09 Broken Authentication
The Axcora POS software has a broken authentication issue that could allow unauthenticated users to create, update, or delete products. Additionally, since u...
SQL Injection
SQL Injection at Nadha Laundry v3.2.1
We found SQL Injection in Nadha Laundry v3.2.1, a Laundry Management App by NadhaMedia.
Nadha Resto v3.2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in Nadha Resto v3.2.0, a Restaurant Management App.
BAC
CVE-2023-23895 - WP Time Slots Booking Form <= 1.1.82 Broken Access Control
WordPress WP Time Slots Booking Form Plugin <= 1.1.82 is vulnerable to Broken Access Control.
LFI
WordPress Landing Page Builder <= 3.1.9.8 Local File Inclusion
The Landing Page Builder plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.1.9.8 via the ‘lpp_template_select’ p...
HTML Injection
RegistrationMagic WordPress Plugin Multiple Vulnerabilities
There are Parameter Tampering and HTML Injection vulnerabilities in the RegistrationMagic WordPress Plugin version 5.1.9.2 and earlier.
Parameter Tampering
RegistrationMagic WordPress Plugin Multiple Vulnerabilities
There are Parameter Tampering and HTML Injection vulnerabilities in the RegistrationMagic WordPress Plugin version 5.1.9.2 and earlier.
RCE
POS Codekop v2.0 Multiple Vulnerabilities
There are multiple vulnerabilities in POS Codekop v2.0, a simple web-based sales application using PHP & MYSQL.