WordPress WowOptin: Next-Gen Popup Maker plugin <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability

Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WowOptin versions = 1.4.29...

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...

CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting XSS vulnerability in the wdiapplychanges admin page, allowing an attacker to perform such attack against any logged in users...

WordPress插件跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...

lighttpd 1.4.29 http_auth.c 拒绝服务漏洞

No description provided by source...

CVE-2001-0037

CVE-2001-0037 affects HomeSeer prior to version 1.4.29 and is a directory traversal vulnerability. The issue arises from insufficient validation of URL-embedded .. sequences, allowing remote attackers to read arbitrary files. Impact is read access to non-public files; no exploit details are provi...