ByteOS Network

quantumcloud

Source -

ADPNVDCNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

52Vulnerabilities found

CVE-2021-24506

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-8.8||HIGH

EPSS-0.53% / 66.34%

7 Day CHG~0.00%

Published-23 Aug, 2021 | 11:09

Updated-03 Aug, 2024 | 19:35

Slider Hero < 8.2.7 - Contributor+ SQL Injection

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.

Vendor-quantumcloud Unknown

Product-slider_hero Slider Hero with Animation, Video Background & Intro Maker

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-13463

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.29% / 52.00%

7 Day CHG~0.00%

Published-20 Mar, 2020 | 20:40

Updated-04 Aug, 2024 | 23:57

An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.

Vendor-quantumcloud n/a

Product-simple_link_directory n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')