includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.

Source

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.

Source

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.

Source

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.

Source

statusnet before 0.9.9 has XSS

Source

Elgg through 1.7.10 has a SQL injection vulnerability

Source

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.

Source

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.

Source

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

Source

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a ” substring.

Source