303 matches found
PT-2025-1492 · Unknown · Idx Impress Listings
Name of the Vulnerable Software and Affected Versions: IDX IMPress Listings versions n/a through 2.6.2 Description: The issue is related to a Missing Authorization vulnerability in IDX IMPress Listings, which allows exploiting incorrectly configured access control security levels. Recommendations...
PT-2024-36206 · WordPress · Wpexpertsio New User Approve
Name of the Vulnerable Software and Affected Versions: WPExpertsio New User Approve versions 2.6.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WPExpertsi...
WordPress plugin New User Approve 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin New User Approve versions = 2.6.2...
WordPress plugin Sky Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress Sky Addons for Elementor Plugin <= 2.6.1 is vulnerable to Sensitive Data Exposure
Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9542 Patch priority Low CVSS severity Low 4.3 Developer Shahidul Islam PSID d2ce76706206 Credits Nishiv Required...
CVE-2024-50407
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kiboko Labs Namaste! LMS allows Reflected XSS.This issue affects Namaste! LMS: from n/a through 2.6.2...
WordPress plugin Namaste! LMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-34180 · Unknown · Namaste! Lms
Name of the Vulnerable Software and Affected Versions: Namaste! LMS versions through 2.6.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: For versions...
WordPress plugin Namaste! LMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
GHSA-W455-MFQ9-HF74 insane vulnerable to Regular Expression Denial of Service
insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no known patches are available...
WordPress Infinite-Scroll plugin <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Infinite-Scroll versions = 2.6.2...
PT-2024-15990 · WordPress · Infinite-Scroll
Name of the Vulnerable Software and Affected Versions: Infinite-Scroll plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process ajax edit and process ajax delete functions...
PT-2024-32704 · Unknown · Payflex Payment Gateway
Name of the Vulnerable Software and Affected Versions: Payflex Payment Gateway versions through 2.6.1 Description: The issue is an 'Open Redirect' vulnerability, which allows URL redirection to untrusted sites. This vulnerability affects Payflex Payment Gateway. Recommendations: For Payflex Payme...
CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2024-7327
The CVE-2024-7327 entry concerns Xinhu RockOA 2.6.2. The vulnerable component is the function dataAction in /webmain/task/openapi/openmodhetongAction.php, where manipulating the nickName parameter leads to SQL injection. The vulnerability is exploitable remotely, and the exploit has been publicly...
GHSA-X72P-G37Q-4XR9 Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Withdrawn: The attack vector described in the backing report required that an attacker gain access to a user's session cookie. By gaining access to the session cookie the attacker is for all intents and purposes the valid user and any access to user data would be expected. In SFTPGo 2.6.2, the JW...
CVE-2024-40430
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-40430
...
CVE-2024-40430
...