217 matches found
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress...
CVE-2022-33683
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...
PT-2022-14861 · Wbcom Designs · Buddypress Group Reviews
Name of the Vulnerable Software and Affected Versions: Wbcom Designs – BuddyPress Group Reviews for WordPress versions up to, and including, 2.8.3. Description: The issue allows unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in...
Lightbend Play Framework Resource Management Error Vulnerability
Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A resource management error vulnerability exists in Lightbend Play Framework versions 2.8.3 through 2.8.15, which results in a denial of service when using the FormbindFromRequest method on...
CVE-2022-30049
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
PT-2022-19985 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild version 2.8.3. Description: A Server-Side Request Forgery (SSRF) issue allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. This enables attackers to access internal network details...
Rebuild Code Issue Vulnerability
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild version 2.8.3. An attacker can use this vulnerability to obtain a real IP address via the fileurl parameter and scan for Intranet information...
CVE-2021-36846
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty WordPress plugin <= 2.8.3...
Design/Logic Flaw
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
CVE-2022-24804 Private group name exposure in discourse
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
PT-2022-16890 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.3; Discourse beta versions prior to 2.9.0.beta4. Description: The issue concerns the erroneous exposure of groups in Discourse, an open source platform for community discussion. When a group with restricted...
WordPress Livemesh SiteOrigin Widgets plugin <= 2.8.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Livemesh SiteOrigin Widgets plugin versions <= 2.8.2. Solution: update the WordPress Livemesh SiteOrigin Widgets plugin to the latest available version (at least 2.8.3)...
WordPress Livemesh SiteOrigin Widgets plugin <= 2.8.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Livemesh SiteOrigin Widgets plugin versions <= 2.8.2. Solution: update the WordPress Livemesh SiteOrigin Widgets plugin to the latest available version (at least 2.8.3)...
Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting
The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. PoC: http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...
CVE-2021-41745
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions...
CVE-2021-24634
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perfor...
GHSA-W3J4-76QW-WWJM Older releases of better_errors open to Cross-Site Request Forgery attack
Impact: better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...
WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 2.8.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Recipe Card Blocks for Gutenberg & Elementor plugin versions <= 2.8.2. Solution: update the WordPress Recipe Card Blocks for Gutenberg & Elementor plugin to the latest available version (at least 2.8.3)...