369 matches found
GHSA-8HCX-XVWW-6C6H Magento Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access...
WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Aiden in WordPress Theme Homey versions = 2.4.7...
CVE-2025-27207
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized re...
Adobe Commerce 访问控制错误漏洞
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe USA. An access control error vulnerability exists in Adobe Commerce that stems from an improper access control issue that could result in elevation of privilege. The following versions are affected:...
CVE-2024-7801
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-32782
Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.4.7...
TinyFileManager 安全漏洞
TinyFileManager is a web-based file manager. It is used for storing, uploading, editing and managing files and folders online via a web browser. A security vulnerability exists in TinyFileManager version v2.4.7, which stems from a stored cross-site scripting vulnerability that could lead to the...
CVE-2022-3269
Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...
CVE-2021-24758
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...
CVE-2020-21244
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/instlang.php...
CVE-2019-15317
The give plugin before 2.4.7 for WordPress has XSS via a donor name...
AZL-60894 CVE-2024-58250 affecting package ppp 2.4.7-36
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...
CVE-2025-24548 WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Autoglot Autoglot – Automatic WordPress Translation autoglot allows Reflected XSS.This issue affects Autoglot – Automatic WordPress Translation: from n/a through = 2.4.7...
WordPress plugin Autoglot – Automatic WordPress Translation 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Autoglot - Automatic WordPress...
CVE-2025-27189
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to th...
CVE-2024-8420
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...
CVE-2024-8420 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...
CVE-2024-8420
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to and including 2.4.7. The root cause is that the plugin allows a user to supply the 'role' field when registering, permitting unauthenticated attackers to register as an administrator on sites. Impact is...
WordPress DHVC Form plugin <= 2.4.7 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin DHVC Form versions = 2.4.7...
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Remediation Upgrade magento/community-editio...