
112 matches found

EUVD
added 2026/01/07 6:35 a.m. | views: 1

EUVD-2026-1289

The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1 | AI score 5.1 | EPSS 0.00212
Exploits: 0 | References: 3

Patchstack
added 2025/05/19 4:5 a.m. | views: 5

WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...

CVSS 4.8 | AI score 6 | EPSS 0.00166
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/05/15 8:7 p.m. | views: 10

CVE-2025-1289 Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Admin+ Stored XSS

The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00166
Exploits: 1 | References: 1

CVE
added 2025/05/15 8:7 p.m. | views: 26

CVE-2025-1289

The CVE-2025-1289 entry concerns the Plugin Oficial WordPress plugin up to version 1.7.3. The vulnerability is a stored XSS risk caused by insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject XSS even when unfiltered_html is disallowed (no...

CVSS 4.8 | AI score 5.4 | EPSS 0.00166
Exploits: 1 | References: 1 | Affected Software: 1

Circl
added 2024/09/25 2:19 p.m. | views: 5

CVE-2024-7479

creationtimestamp | type | source
---|---|---
2024-09-25 14:19:24+00:00 | seen | https://t.me/cvedetector/6307
2024-09-26 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1289/
2024-09-26 08:20:27+00:00 | seen | https://t.me/CyberBulletin/935
2024-09-26 08:20:27+00:00 | seen | ...

CVSS 8.8 | AI score 7.3 | EPSS 0.05875
Exploits: 2 | References: 24

Ubuntu
added 2024/07/25 11:55 p.m. | views: 53

USN-6200-2: ImageMagick vulnerabilities

USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem. Original advisory details: It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected...

CVSS 5.5 | AI score 7 | EPSS 0.0011
Exploits: 2

Tenable Nessus
added 2024/04/27 12:0 a.m. | views: 29

RHEL 7 : CloudForms 4.6.9 (RHSA-2019:1289)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1289 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

CVSS 7.8 | AI score 7.7 | EPSS 0.94318
Exploits: 19 | References: 11

Patchstack
added 2024/04/05 12:0 a.m. | views: 8

WordPress LearnPress Plugin <= 4.2.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.6.3; Fixed in: 4.2.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-1289; Patch priority: Low; CVSS severity: Low (6.5); PSID: 88d0a0c7ed9f; Credits: drop; Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00247
Exploits: 0 | References: 3 | Affected Software: 1

Debian
added 2024/02/22 9:45 a.m. | views: 32

[SECURITY] [DLA 3737-1] imagemagick security update

Debian LTS Advisory DLA-3737-1 https://www.debian.org/lts/security/ Bastien Roucariès February 22, 2024 https://wiki.debian.org/LTS ...

CVSS 6.2 | AI score 6.6 | EPSS 0.0011
Exploits: 2

OpenVAS
added 2023/12/04 12:0 a.m. | views: 35

SUSE: Security Advisory (SUSE-SU-2023:4634-1)

The remote host is missing an update for the ...

CVSS 8.8 | AI score 7.7 | EPSS 0.88643
Exploits: 38 | References: 28

Tenable Nessus
added 2023/09/07 12:0 a.m. | views: 39

Oracle Linux 5 : mysql (ELSA-2009-1289)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1289 advisory. - Add fix for CVE-2009-2446 format string vulnerability in COM_CREATE_DB and COM_DROP_DB processing Resolves: 512200 - Back-port upstream fix for...

CVSS 8.5 | AI score 7 | EPSS 0.07267
Exploits: 6 | References: 5

Ubuntu
added 2023/07/04 9:23 a.m. | views: 427

USN-6200-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. CVE-2020-29599 It was...

CVSS 7.8 | AI score 6.9 | EPSS 0.6875
Exploits: 6

Tenable Nessus
added 2023/05/24 12:0 a.m. | views: 36

Amazon Linux AMI : ImageMagick (ALAS-2023-1745)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1.25. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1745 advisory. A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation...

CVSS 5.5 | AI score 6.4 | EPSS 0.0011
Exploits: 1 | References: 4

Amazon
added 2023/04/20 12:0 a.m. | views: 41

Medium: ImageMagick

Issue Overview: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulti...

CVSS 5.5 | AI score 5.8 | EPSS 0.0011
Exploits: 1

OpenVAS
added 2023/04/12 12:0 a.m. | views: 25

Mageia: Security Advisory (MGASA-2023-0136)

The remote host is missing an update for the ...

CVSS 5.5 | AI score 6.7 | EPSS 0.0011
Exploits: 1 | References: 5

Mageia
added 2023/04/11 7:2 p.m. | views: 45

Updated imagemagick packages fix security vulnerability

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

CVSS 5.5 | AI score 5.4 | EPSS 0.0011
Exploits: 1 | References: 3

Tenable Nessus
added 2023/04/05 12:0 a.m. | views: 32

SUSE SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:1756-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1756-1 advisory. - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw...

CVSS 5.5 | AI score 6.4 | EPSS 0.0011
Exploits: 1 | References: 4

OSV
added 2023/04/04 10:44 a.m. | views: 8

SUSE-SU-2023:1756-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG (bsc#1209141)...

CVSS 5.5 | AI score 5.7 | EPSS 0.0011
Exploits: 1 | References: 3

OpenVAS
added 2023/04/04 12:0 a.m. | views: 23

SUSE: Security Advisory (SUSE-SU-2023:1734-1)

The remote host is missing an update for the ...

CVSS 5.5 | AI score 5.9 | EPSS 0.0011
Exploits: 1 | References: 4

OSV
added 2023/04/03 9:54 a.m. | views: 5

SUSE-SU-2023:1734-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG (bsc#1209141)...

CVSS 5.5 | AI score 5.7 | EPSS 0.0011
Exploits: 1 | References: 3