WordPress User Submitted Posts plugin < 20240516 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin User Submitted Posts versions 20240516...

CVE-2024-5002

The CVE-2024-5002 entry concerns the WordPress plugin User Submitted Posts (versions before 20240516). The underlying issue is that the plugin does not sanitize and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., administrators), even when unfiltered_h...

CVE-2024-5340

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/subcommit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The...

Wangshen SecGate 代码问题漏洞

Wangshen SecGate is a series of Gigabit firewalls from China NetShen Wangshen. A code issue vulnerability exists in Wangshen SecGate 3600 20240516 and earlier versions, which stems from the parameter reqfile in the file /?g=logimportsave that can lead to unrestricted uploads...