Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26393 risultati

VulnerabilitàAlta
CVE-2016-20084 - WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

CVE ID :CVE-2016-20084 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScript into the 'ict' and 'ics' options or the calendar 'name' parameter via GET requests to execute arbitrary scripts when the calendar is displayed or accessed in the administration interface. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20081 (CVSS 7.5)

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2016-20078 - WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

CVE ID :CVE-2016-20078 Published : June 15, 2026, 2:16 p.m. | 1 hour, 25 minutes ago Description :WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20083 - WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

CVE ID :CVE-2016-20083 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20082 - WordPress Plugin Abtest Local File Inclusion via abtest_admin.php

CVE ID :CVE-2016-20082 Published : June 15, 2026, 2:16 p.m. | 3 hours, 25 minutes ago Description :WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20080 - WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php

CVE ID :CVE-2016-20080 Published : June 15, 2026, 2:16 p.m. | 1 hour, 25 minutes ago Description :WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20079 - WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php

CVE ID :CVE-2016-20079 Published : June 15, 2026, 2:16 p.m. | 1 hour, 25 minutes ago Description :WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20077 - WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php

CVE ID :CVE-2016-20077 Published : June 15, 2026, 2:16 p.m. | 1 hour, 25 minutes ago Description :WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data. Severity: 6.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE15 giu 2026
VulnerabilitàAlta
CVE-2016-20076 (CVSS 7.5)

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters in tools.php. Attackers can exploit insufficient input validation using directory traversal techniques to access wp-config.php, database dumps, and other sensitive files, or delete critical files .htaccess to expose backup directories.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2016-20075 (CVSS 8.8)

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2016-20073 (CVSS 8.2)

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.

NVD (NIST)15 giu 2026
VulnerabilitàAlta
CVE-2016-20072 (CVSS 8.2)

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.

NVD (NIST)15 giu 2026

Pagina 384 di 2200

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.