Autore: Angelo Barbosa

A vulnerability classified as problematic has been found in scottpaterson Accept Donations with PayPal & Stripe Plugin up to 1.4.4 on WordPress. This affects an unknown part. The manipulation of the argument rf leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13728. It is possible to initiate the attack remotely. There is no exploit...

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: ‘../filedir’. This vulnerability is handled as CVE-2025-1599. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. This vulnerability is known as CVE-2025-1598. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. This vulnerability is traded as CVE-2025-1597. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The identification of this vulnerability is CVE-2025-1596. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...