1368 matches found
WordPress plugin Optimize 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...
PT-2026-1573
Name of the Vulnerable Software and Affected Versions Newsletter Email Subscribe plugin for WordPress versions up to and including 2.4 Description The Newsletter Email Subscribe plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of improper nonce validation within...
WordPress plugin AD Sliding FAQ 跨站脚本漏洞
...
WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Optimize versions 2.4...
RHSA-2026:0010 Red Hat Security Advisory: httpd:2.4 security update
Bulletin has no description...
CVE-2025-68987 WordPress Cinerama theme <= 2.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion.This issue affects Cinerama: from n/a through = 2.9...
PT-2025-53876
Name of the Vulnerable Software and Affected Versions Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers versions through 2.4 Description The software contains a PHP Local File Inclusion issue due to improper control of filename for include/require statements. This allows f...
Oracle Linux 8 : httpd:2.4 (ELSA-2025-23732)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23732 advisory. - Resolves: RHEL-135054 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135039 - http...
EUVD-2023-60233
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...
CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...
CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...
RHSA-2025:23732 Red Hat Security Advisory: httpd:2.4 security update
Bulletin has no description...
CVE-2021-47701
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...
CVE-2021-47718
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...
CVE-2021-47703
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...
CVE-2021-47703
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...
CVE-2021-47704
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obixtest.php with malicious 'id' values to extract database information...
CVE-2021-47702
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...
CVE-2021-47701
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...