31 matches found
EUVD-2019-5814
Malware in sbrugna...
WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress Eventer - WordPress Event & Booking Manager Plugin plugin 3.9.9 - Reflected Cross Site Scripting XSS vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin Eventer versions 3.9.9...
WordPress Eventer plugin <= 3.9.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.9.5...
CVE-2024-11132
CVE-2024-11132 - Eventer (WordPress Plugin) The WordPress Eventer plugin (up to 3.9.9) is vulnerable to Stored Cross‑Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabl...
PT-2024-14942 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...
WordPress Master Slider plugin <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Master Slider versions = 3.9.9...
PT-2024-31214 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms slide info' shortcode due to insufficient input...
CVE-2024-3737
CVE-2024-3737 affects cym1102 nginxWebUI up to 3.9.9. The vulnerability is a path traversal in the function findCountByQuery in /adminPage/www/addOver, triggered by manipulation of the dir argument. The issue can be exploited remotely and had publicly disclosed exploits. Affected versions: up to ...
PT-2024-27499 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A vulnerability was found in the function upload of the file /adminPage/main/upload, which leads to unrestricted upload. The attack can be launched remotely. Recommendations: For versions u...
PT-2024-27503 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical issue affects the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. This issue can be exploited remotely...
PT-2024-27508 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical vulnerability has been found in cym1102 nginxWebUI. This issue affects the handlePath function of the file /adminPage/conf/saveCmd. The manipulation of the nginxPath argument lea...
nginxWebUI 代码问题漏洞
nginxWebUI is a nginx web configuration tool. cym1102 A code issue vulnerability exists in nginxWebUI version 3.9.9, which stems from an unrestricted file upload in the upload method of the /adminPage/main/upload file...
PT-2024-27516 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical vulnerability was found in the cym1102 nginxWebUI, affecting unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection...
WordPress plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
JVN#11705010: Beekeeper Studio vulnerable to code injection
Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Impact A remote authenticated attacker may execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS...
Beekeeper Studio 操作系统命令注入漏洞
Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac and Windows. A security vulnerability exists in Beekeeper Studio versions prior to 3.9.9, which stems from the software contains a code injection that can b...
CVE-2022-1009
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin ...
CVE-2022-1009 Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin ...
Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting
The plugin does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious...
WordPress Smush plugin <= 3.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Smush plugin versions = 3.9.8. Solution Update the WordPress Smush plugin to the latest available version at least 3.9.9...