CVE-2025-11176 Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfisetthumbnail and qfideletethumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticated...

WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability

Insecure Direct Object Reference to Image Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Quick Featured Images versions = 13.7.2...

PT-2025-42230

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi set thumbnail and qfi delete thumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticate...

CVE-2024-54529

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges...

CVE-2024-54526

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A malicious app may be able to access private information...

CVE-2024-54488

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication...

CVE-2024-54547

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access protected user data...

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The vulnerabilities include a use-after-free vulnerability that could lead to unexpected application termination or arbitrary code execution, and logic issues that allowed applications to modify protected...

CVE-2024-54526

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information...

CVE-2024-54527

This issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to access sensitive user data...

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password...

CVE-2024-54474

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data...

CVE-2024-44225

A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges...

Apple MacOSX Security Update (HT121842)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-44201

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a malicious crafted file may lead to a denial-of-service...

CVE-2024-54500

CVE-2024-54500 affects Apple platforms (iPadOS/iOS, macOS, watchOS, visionOS, tvOS) and is tied to processing a maliciously crafted image that could disclose process memory. The issue is addressed by Apple in iPadOS 18.2/iOS 18.2, macOS 14.7.2/Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7...

PT-2024-36354

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.2 macOS versions prior to Ventura 13.7.2 macOS versions prior to Sonoma 14.7.2 Description: A path handling issue was addressed with improved validation. Running a mount command may unexpectedly execute...

PT-2024-36346 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.2 macOS versions prior to 14.7.2 macOS versions prior to 15.2 Description: The issue was addressed with improved checks. An app may be able to access user-sensitive data. Recommendations: For macOS versions prior ...

PT-2024-36375

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 11.2 tvOS versions prior to 18.2 macOS Sequoia versions prior to 15.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 macOS Ventura versions prior to 13.7.2 macOS Sonoma versions prior to 14.7.2 Description:...

PT-2025-3050 · Apple · Ipados +8

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.7.2 visionOS versions prior to 2.2 tvOS versions prior to 18.2 watchOS versions prior to 11.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 macOS Sonoma versions prior to 14.7.2 macOS Sequoia...