556 matches found
WordPress Iron Security 2.2.3 IP Spoofing
WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. Wordpress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE : N/A...
Sea.js 跨站脚本漏洞
Sea.js is a web module loader open-sourced by Sea.js. A security vulnerability exists in Sea.js version 2.2.3, which originates from cross-site scripting and allows remote attackers to execute arbitrary code via the seajs package...
CVE-2024-51091
CVE-2024-51091 affects seaw.js (seajs) v2.2.3. The issue is a Cross-Site Scripting vulnerability arising from improper input sanitization in the seajs package, enabling a remote attacker to execute arbitrary code via the vulnerable component. Several connected sources corroborate the vulnerabilit...
CVE-2024-24933
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3...
WordPress plugin Mark Posts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-12061
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
PT-2024-17201 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin for WordPress versions prior to 2.2.3 Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the resumeid parameter due to insufficient escaping on the user-supplied parameter and lack of...
PT-2024-17200 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin versions prior to 2.2.3 Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the fieldfor, visibleParent, and id parameters due to insufficient escaping on user-supplied parameters and la...
PT-2024-17204 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin versions prior to 2.2.3 Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the ff parameter of the getFieldsForVisibleCombobox function due to insufficient escaping on the user-supplied...
PT-2024-12245 · Unknown · Wooproductimporter Sharkdropship For Aliexpress Dropship/Affiliate
Name of the Vulnerable Software and Affected Versions: wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate versions through 2.2.3 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control...
WordPress plugin Form Data Collector 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2024-17013 · WordPress · Form Data Collector
Name of the Vulnerable Software and Affected Versions: Form Data Collector plugin for WordPress versions up to and including 2.2.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages...
WordPress plugin Znajdz Prace z Praca.Pl 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-35885 · Praca.Pl Sp. Z O.O. · Praca.Pl
Name of the Vulnerable Software and Affected Versions: Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl versions n/a through 2.2.3 Description: The issue affects Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl, allowing DOM-Based XSS due to improper neutralization of input during web page generation. This...
OESA-2024-2476 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
PT-2024-34926 · Unknown · Bg Patriarchia Bu
Name of the Vulnerable Software and Affected Versions: Bg Patriarchia BU versions n/a through 2.2.3 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. Users are urged to update to t...
gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)
djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: SNYK:PYTHON-DJOSER-8366540...
AZL-52557 CVE-2024-27532 affecting package fluent-bit for versions less than 2.2.3-6
wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...
AZL-53187 CVE-2024-25431 affecting package fluent-bit for versions less than 2.2.3-5
An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...
WordPress plugin Custom Twitter Feeds 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...