11 matches found
WordPress List category posts plugin <= 0.92.0 - Authenticated (Contributor+) Information Exposure vulnerability
Authenticated Contributor+ Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin List category posts versions = 0.92.0...
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fmgettextexts function...
CVE-2024-11377
creationtimestamp| type| source ---|---|--- 2025-01-07 04:38:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/316 2025-01-07 05:15:44+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vf5hyou22...
CVE-2024-11377 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11377
CVE-2024-11377 is a Reflected Cross‑Site Scripting vulnerability in the WordPress plugin Automate Hub Free by Sperse.IO. It affects all versions up to 1.7.0 and arises from insufficient input sanitization and output escaping in the id parameter, enabling unauthenticated attackers to inject script...
CVE-2024-11377 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2020-11377
...
CVE-2020-11377
CVE-2020-11377 is rejected/not used.
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fmgettextexts function...
CVE-2019-11377
CVE-2019-11377 affects WCMS v0.3.2: wcms/wex/finder/action.php is vulnerable to Arbitrary File Upload via developer/finder because .php is allowed by fm_get_text_exts. Root cause: PHP extension allowed for uploads. Impact details are provided in the connected records, with CVSS2/3 metrics (6.5/8....
CVE-2018-11377
The CVE-2018-11377 issue affects radare2 (v2.5.0) where the avr_op_analyze() function can be exploited by a crafted binary to trigger a heap-based out-of-bounds read and crash the application, i.e., a remote denial of service. This denial of service is described in multiple sources (NVD/Nessus/OS...