2018.08.20
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.177
Unrestricted file upload vulnerability in WordPress 4.9.7 (CVE-2018-14028)
Unrestricted file upload vulnerability in SeedDMS before 5.1.8 (CVE-2018-12940)
Arbitrary File Upload vulnerability in Subrion CMS 4.2.1 (CVE-2018-14840)
XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-6890)
XSS vulnerability in joyplus-cms 1.6.0 (CVE-2018-10096)
bl_domains update
2018.08.29
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.178
XSS vulnerability in jDownloads extension before 3.2.59 for Joomla (CVE-2018-10068)
XSS vulnerability in Geo Mashup plugin before 1.10.4 for WordPress (CVE-2018-14071)
Content injection and CSRF vulnerability in ULike plugin version 2.8.1, 3.1 for WordPress (CVE-2018-1000511)
XSS and CSRF vulnerability in Metronet Tag Manager plugin version 1.2.7 for WordPress (CVE-2018-1000506)
XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-14837)
XSS vulnerability in Joyplus CMS 1.6.0 (CVE-2018-14500)
SQL injection vulnerability in Joyplus CMS 1.6.0 (CVE-2018-14501)
bl_domains update
Serhyo
September 5, 2018, 5:00pm
163
2018.09.05
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.179
XSS vulnerability in Joomla! before 3.8.12 (CVE-2018-15880)
Unrestricted file vulnerability in Joomla! before 3.8.12 (CVE-2018-15882)
OS command injection vulnerability in Plainview Activity Monitor plugin 20161228 for WordPress (CVE-2018-15877)
XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-15842)
XSS vulnerability in Joyplus CMS 1.6.0 (CVE-2018-8767)
XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-1000084)
Directory traversal vulnerability in OpenCart through 3.0.2.0 (CVE-2018-11495)
SQL injection vulnerability in SeedDMS before 5.1.8 (CVE-2018-12942)
SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-15894)
SQL injection vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13448, CVE-2018-13450)
XSS and SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-15893)
XSS vulnerability in MiniCMS v1.10 (CVE-2018-10227)
XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-1000087)
bl_domains update
Serhyo
September 13, 2018, 4:22pm
164
2018.09.13
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.180
XSS vulnerability in Import any XML or CSV File (WP All Import) plugin 3.4.9 for WordPress (CVE-2018-16254, CVE-2018-16255, CVE-2018-16257, CVE-2018-16258, CVE-2018-16259)
XSS vulnerability in File Manager plugin V2.9 for WordPress (CVE-2018-16363)
XSS vulnerability in CMSUno before 1.5.3 (CVE-2018-15567)
XSS vulnerability in MiniCMS v1.10 (CVE-2018-15899, CVE-2018-16298)
XSS vulnerability in MiniCMS v1.10 (CVE-2018-10296)
XSS vulnerability in Bludit 2.3.4 (CVE-2018-16313)
XSS vulnerability in ChemCMS 1.0.6 (CVE-2018-16346)
Directory Traversal vulnerability in idreamsoft iCMS V7.0.11 (CVE-2018-16320)
XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2018-16349, CVE-2018-16350)
XSS vulnerability in GetSimple CMS 3.4.0.9 (CVE-2018-16325)
Directory traversal vulnerability in SeedDMS before 5.1.8 (CVE-2018-12939)
XSS vulnerability in idreamsoft iCMS V7.0.11 (CVE-2018-9922)
bl_domain update
Serhyo
September 19, 2018, 4:08pm
165
2018.09.19
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.181
CSRF and XSS vulnerability in File Manager plugin V3.0 for WordPress (CVE-2018-16966, CVE-2018-16967)
XSS vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 for WordPress (CVE-2018-0642)
SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15147)
XSS vulnerability in BTITeam XBTIT 2.5.4 (CVE-2018-16361)
XSS and SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15144, CVE-2018-15151 and CVE-2018-15146)
XSS vulnerability in YzmCMS 3.7 (CVE-2018-8078)
Directory Traversal vulnerability in Monstra CMS through 3.0.4 (CVE-2018-9038)
XSS vulnerabilities in e107 2.1.8 (CVE-2018-16381)
XSS vulnerability in frog cms 0.9.5 (CVE-2018-16374)
Arbitrary code execution vulnerability in Request URI
bl_domains update
Serhyo
October 4, 2018, 5:06pm
166
2018.10.04
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.182
XSS and SQLi vulnerability in Gift Vouchers plugin 2.0.1 and before for WordPress (CVE-2018-16159, CVE-2018-16609, CVE-2018-16610, CVE-2018-16611, CVE-2018-16612)
XSS vulnerability in Subrion 4.2.1 (CVE-2018-16327)
XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-17024, CVE-2018-17025, CVE-2018-17026)
XSS vulnerability in Dolibarr ERP/CRM 7.0.3 (CVE-2018-17239)
SQLi vulnerability in Simple POS 4.0.24 (CVE-2018-17110)
SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15149)
XSS vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-1000218, CVE-2018-1000219)
XSS vulnerability in FV Flowplayer Video Player plugin 7.1.15.727 for WordPress
XSS vulnerability in Dolibarr ERP/CRM 8.0.2
bl_domains update
Serhyo
October 10, 2018, 12:29pm
167
2018.10.10
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.183
SQL injection vulnerability in Collection Factory 4.1.9 component for Joomla (CVE-2018-17383)
XSS vulnerability in WPtouch plugin 4.3.28 for WordPress (CVE-2018-17417)
Local File Inclusion vulnerability in Wechat Broadcast 1.2.0 Plugin for WordPress (CVE-2018-16283)
CSRF and XSS vulnerability in WP Fastest Cache 0.8.8.5 plugin for WordPress (CVE-2018-17583, CVE-2018-17584, CVE-2018-17585 and CVE-2018-17586)
XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-17024, CVE-2018-17025, CVE-2018-17026)
XSS vulnerability in Navigate CMS 2.8 (CVE-2018-17255)
SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15148)
Local File Inclusion vulnerability in BigTree 4.2.23 (CVE-2018-17341)
XSS vulnerability in the MODX Revolution v2.6.5-pl (CVE-2018-17556)
SQL injection vulnerability in WUZHI CMS 4.1.0 (CVE-2018-17852)
XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-16819, CVE-2018-16820)
XSS vulnerability in MetInfo 6.0.0 (CVE-2018-9928)
bl_domains update
Serhyo
October 18, 2018, 3:02pm
168
2018.10.18
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.184
XSS vulnerability in FooGallery plugin through 1.4.31 for WordPress (CVE-2018-17308)
XSS vulnerability in Wp-Insert 2.4.2 plugin for WordPress (CVE-2018-17991)
XSS vulnerability in Affiliates Manager plugin through 2.6.0 for WordPress (CVE-2018-17579)
XSS vulnerability in Ultimate WordPress Auction plugin through 1.4.31 (CVE-2018-17576)
SQLi and XSS vulnerability in Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-18017, CVE-2018-18018 and CVE-2018-18019)
XSS vulnerability in Tribulant Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-17946)
XSS vulnerability in LearnPress WordPress LMS Plugin through 3.0.12.1 (CVE-2018-17970, CVE-2018-17971)
XSS vulnerability in Affiliates Manager plugin 2.6.0 for WordPress (CVE-2018-17995)
XSS vulnerability in Email Subscribers & Newsletters 3.5.13 for WordPress (CVE-2018-18063, CVE-2018-18076)
XSS vulnerability in LimeSurvey 3.14.7 (CVE-2018-17003)
XSS vulnerability in DiliCMS 2.4.0 (CVE-2018-10430)
XSS vulnerability in GetSimple CMS 3.3.15 (CVE-2018-17835)
XSS vulnerability in waimai Super Cms 20150505 (CVE-2018-15570)
XSS vulnerability in waimai Super Cms 20150505 (CVE-2018-18082)
FPs fix
bl_domains update
Serhyo
October 24, 2018, 4:23pm
169
2018.10.24
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.185
XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress (CVE-2018-18302, CVE-2018-18303, CVE-2018-18304, CVE-2018-18305)
XSS vulnerability in Ultimate Member - User Profile & Membership plugin 2.0.29 and before 2.0.28 for WordPress (CVE-2018-17866)
XSS vulnerability in WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress (CVE-2018-18069)
XSS vulnerability in CMS Made Simple 2.2.7 (CVE-2018-18270 & CVE-2018-18271)
XSS vulnerability in DiliCMS 2.4.0 (CVE-2018-18209, CVE-2018-18210)
XSS vulnerability in Navigate CMS 2.8 (CVE-2018-17849)
XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress
XSS vulnerability in Chamber Dashboard Business Directory plugin 3.0.2 for WordPress
CSRF and XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress
XSS vulnerability in waimai Super Cms 20150505
FP fix
bl_domains update
Serhyo
October 30, 2018, 3:34pm
170
2018.10.30
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.186
XSS vulnerability in LUYA CMS 1.0.12 (CVE-2018-18259)
SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)
XSS vulnerability in Schiocco Support Board - Chat And Help Desk plugin 1.2.3 for WordPress (CVE-2018-18373)
Unrestricted file upload vulnerability in Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress (CVE-2018-18461)
XSS vulnerability in Appointments plugin 2.4.0 for WordPress
XSS vulnerability in NextGEN Gallery plugin 3.0.16 for WordPress
XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress
XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress
bl_domains update
Serhyo
November 6, 2018, 4:24pm
171
2018.11.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.187
SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)
SQL injection vulnerability in Swap Factory 2.2.1, Raffle Factory 3.5.2, Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379, CVE-2018-17378, CVE-2018-17384)
SQL injection vulnerability in Timetable Schedule 3.6.8 component for Joomla! (CVE-2018-17394)
SQL injection vulnerability in Music Collection 3.0.3 component for Joomla! (CVE-2018-17375)
SQL injection vulnerability in Article Factory Manager 4.3.9 component for Joomla! (CVE-2018-17380)
XSS vulnerability in Events Manager plugin prior to version 5.9 for WordPress (CVE-2018-0576)
XSS vulnerability in WP Live Chat Support plugin 8.0.15 for WordPress (CVE-2018-18460)
XSS and SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15144, CVE-2018-15151 and CVE-2018-15146)
bl_domains update
Serhyo
November 28, 2018, 5:19pm
172
2018.11.28
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.189
SQL injection vulnerability in Jobs Factory 2.0.4 component for Joomla! (CVE-2018-17382)
SQL injection vulnerability in AlphaIndex Dictionaries 1.0 component for Joomla! (CVE-2018-17397)
XSS vulnerability in Snazzy Maps plugin before 1.1.5 for WordPress (CVE-2018-17947)
SQLi vulnerability in Piwigo before 2.9.3 (CVE-2018-6883)
XSS vulnerability in VO Store Locator plugin 3.2.12 for WordPress
XSS vulnerability in WP Native Articles plugin 1.5.3 for WordPress
XSS vulnerability in Interactive World Map plugin 1.1 for WordPress
XSS vulnerability in Simba Plugin Updates Manager 1.8.11 for WordPress
XSS vulnerability in Amazon Product in a Post Plugin 4.0.3.3 for WordPress
XSS vulnerability in Simple Wishlists for Weddings, Birthdays etc Plugin 1.5.3 For WordPress
FP fix
bl_domains update
Serhyo
December 6, 2018, 5:02pm
173
2018.12.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.190
XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19136, CVE-2018-19137)
SQL injection vulnerability in Social Factory 3.8.3 component for Joomla (CVE-2018-17385)
XSS vulnerability in Ninja Forms plugin before 3.3.18 for WordPress (CVE-2018-19287)
Arbitrary Code Execution vulnerability in WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress (CVE-2018-19207)
XSS vulnerability in WordPress Download Manager Plugin 2.9.82
XSS vulnerability in Restrict User Access WordPress Plugin 1.0.1
XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
bl_domains update
Serhyo
December 12, 2018, 4:57pm
174
2018.12.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.191
SQL injection vulnerability in JCK Editor component 6.4.4 for Joomla (CVE-2018-17254)
SQL injection vulnerability in webERP 4.15 (CVE-2018-19435)
Directory traversal vulnerability in PopojiCMS v2.0.1 (CVE-2018-18936)
Directory traversal vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15140)
Directory traversal vulnerability in BearAdmin 0.5 (CVE-2018-11413)
XSS vulnerability in MantisBT 2.3.x before 2.3.2 (CVE-2017-7897)
XSS vulnerability in Custom Field Suite plugin 2.5.12 for WordPress
XSS vulnerability in Charitable - Donation Plugin 1.6.6 for WordPress
XSS vulnerability in Image Photo Gallery Final Tiles Grid 3.3.52 for WordPress
bl_domains update
Serhyo
December 18, 2018, 5:09pm
175
2018.12.18
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.192
XSS vulnerability in Easy Testimonials plugin 3.2 for WordPress (CVE-2018-19564)
SQL injection vulnerability in Arigato Autoresponder and Newsletter plugin 2.5.1.8 for WordPress (CVE-2018-1002000)
XSS vulnerability in Arigato Autoresponder and Newsletter plugin 2.5.1.8 for WordPress (CVE-2018-1002006, CVE-2018-1002007)
XSS vulnerability in Arigato Autoresponder and Newsletter plugin 2.5.1.8 for WordPress (CVE-2018-1002001, CVE-2018-1002002, CVE-2018-1002003, CVE-2018-1002004, CVE-2018-1002005, CVE-2018-1002008)
XSS vulnerability in Bookly - Online Booking and Scheduling Plugin 16.4 for WordPress
XSS vulnerability in Opti MozJpeg Guetzli WebP plugin 1.16 for WordPress 3.9.3
XSS vulnerability in Image Hover Effects plugin 4.7.6 for WordPress
bl_domains update
Serhyo
January 14, 2019, 9:41am
176
2019.01.14
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.193
Open redirect vulnerability in Ninja Forms plugin before 3.3.19.1 for WordPress (CVE-2018-19796)
XSS vulnerability in Arigato Autoresponder and Newsletter 2.5.1.8 plugin for WordPress (CVE-2018-1002009)
Directory Traversal vulnerability in PHPSHE 1.7 (CVE-2018-18485)
Directory Traversal vulnerability in HRSALE The Ultimate HRM 1.0.2 (CVE-2018-10260)
XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19750, CVE-2018-19751, CVE-2018-19892)
XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19749, CVE-2018-19752, CVE-2018-19913, CVE-2018-19914, CVE-2018-19915, CVE-2018-20009, CVE-2018-20010, CVE-2018-20011)
XSS vulnerability in BlackCat CMS 1.3.2 (CVE-2018-16635)
XSS vulnerability in LifterLMS Plugin 3.25.4 for WordPress
Serhyo
January 17, 2019, 5:19pm
177
2019.01.17
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.194
XSS vulnerability in Zurmo 3.2.4 (CVE-2018-19506)
SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.4 (CVE-2017-17900)
Directory traversal vulnerability in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 (CVE-2016-9835)
XSS vulnerability in SilverStripe CMS before 3.6.1 (CVE-2017-14498)
Unrestricted file upload vulnerability in AccessPress Anonymous Post Pro 3.2.0 for WordPress (CVE-2017-1649)
XSS vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5345)
XSS vulnerability in Image Photo Gallery Final Tiles Grid 3.3.52 for WordPress
SQL injection vulnerability in WP AutoSuggest plugin 0.24 for WordPress
XSS vulnerability in Dolibarr ERP/CRM 8.0.3
XSS vulnerability in Booking Calendar for WordPress
Serhyo
January 23, 2019, 6:26pm
178
2019.01.23
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.195
XSS vulnerability in JSmol2WP plugin 1.07 for WordPress (CVE-2018-20462)
Directory traversal vulnerability in JSmol2WP plugin 1.07 for WordPress (CVE-2018-20462)
CSRF vulnerability in two-factor-authentication plugin before 1.3.13 for WordPress (CVE-2018-20231)
XSS and SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14515, CVE-2018-14472, CVE-2018-20572)
XSS vulnerability in MantisBT 2.1.0 through 2.17.1 (CVE-2018-17782, CVE-2018-17783)
SQLi vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13449)
SQL injection vulnerability in WP Google Map Plugin 4.0.4 and below for WordPress
XSS vulnerability in ForkCMS 5.0.6
Serhyo
February 5, 2019, 5:40pm
179
2019.02.05
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.196
XSS vulnerability in Joomla before 3.9.2 (CVE-2019-6263)
SQLi vulnerability in File Download Tracker 3.0 component for Joomla (CVE-2018-6004)
SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)
SQL injection vulnerability in Zap Calendar Lite 4.3.4 component for Joomla
SQL injection vulnerability in Survey Force Deluxe 3.2.4 component for Joomla
SQL injection vulnerability in J-BusinessDirectory 4.9.7 component for Joomla
FP fix
Serhyo
February 14, 2019, 3:45pm
180
2019.02.14
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.197
CSRF vulnerability in Tooltipy plugin 5.0 for WordPress (CVE-2018-1000505)
SQL injection vulnerability in FrontAccounting 2.4.5 (CVE-2018-1000890)
SQL injection vulnerability in Dolibarr ERP/CRM 8.0.2 (CVE-2018-19998)
XSS vulnerability in Evolution 1.4.x CMS (CVE-2018-16637)
XSS vulnerability in CMS Made Simple 2.2.8 (CVE-2018-20464)
XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-1000856)
SQL injection vulnerability in CuppaCMS (CVE-2018-19559)
XSS vulnerability in YzmCMS 5.1 (CVE-2018-17044)
XSS vulnerability in User Registration plugin v1.5.3 for WordPress
SQL Injection vulnerability in Dolibarr ERP/CRM 8.0.4