Source
CVE
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress advanced-page-visit-counter allows Cross-Site Scripting (XSS).This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
SQLi vulnerability in S5 Register module for Joomla.
SQLi vulnerability in Starshop component for Joomla.
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.