This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application....
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its wpsc_tickets AJAX action, which could...
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers...
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages...
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation...
2 min read
Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state...
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow...
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor...
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in...
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which...