WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.
>> ARCHIVE: 2018-10
User Management version 1.1 suffers from a cross site scripting vulnerability.
Zenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.
Time and Expense Management System version 3.0 suffers from a remote SQL injection vulnerability.
http://www.kudnamsai.go.th/activity/images/83506.jpg notified by BlackErroR
http://www.samrongkk.go.th/activity/images/97023.gif notified by TheMario
OwnTicket 1.0 – ‘TicketID’ SQL Injection
Learning with Texts 1.6.2 – ‘start’ SQL Injection
PHP-SHOP master 1.0 – Cross-Site Request Forgery (Add admin)
Academic Timetable Final Build versions 7.0a through 7.0b suffer from an information leakage vulnerability.