220 matches found
PT-2025-36954
Name of the Vulnerable Software and Affected Versions: wabac.js versions 2.23.10 and below Description: wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic. The requestURL parameter,...
CVE-2024-11118
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...
CVE-2023-47530
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...
CVE-2024-11118
CVE-2024-11118 affects the WordPress 404 Error Monitor plugin up to version 1.1. It is a CSRF vulnerability caused by missing nonce validation in updatePluginSettings(), enabling unauthenticated attackers to forge requests that modify plugin settings and clear error logs if a site admin clicks a ...
CVE-2024-11118 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...
WordPress 404 Error Monitor Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software 404 Error Monitor Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-11118 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f4f174f33f42 Credits Francesco Carlucci...
Spinning wheel during store access for German users, after Storefront upgrade from 2402 to 2402 CU1
Issue: After upgrading Storefront from 2402 to 2402 CU1, German language users may experience a spinning wheel during store access. This does not apply when upgrading from earlier versions of StoreFront, such as from 2203 to 2402 CU1. Symptoms or Error: The developer tool shows Http 404 error for...
CVE-2024-9204
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $SERVER'REQUESTURI' in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress Smart Custom 404 Error Page Plugin <= 11.4.7 is vulnerable to Cross Site Scripting (XSS)
Software Smart Custom 404 Error Page Type Plugin Vulnerable versions = 11.4.7 Fixed in 11.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9204 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f4afc297c2e Credits...
CVE-2024-34471
An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability resulting in file deletion exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete...
CVE-2024-34471
An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability resulting in file deletion exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete...
BIT-ARGO-CD-2020-11576
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid non-SSO accounts because /api/v1/session returned 401 for an existing username and 404 otherwise...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...
CVE-2023-47530
CVE-2023-47530 affects the WordPress plugin WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs (<= v1.8.7). Root cause: SQL injection due to improper neutralization of input in the plugin’s SQL queries. Impact per sources: high/severe risk (CVSS ~7.2). Affected versions:
Afuzz - Automated Web Path Fuzzing Tool For The Bug Bounty Projects
Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Afuzz is being actively developed by @rapiddns Features Afuzz automatically detects the development language used by the website, and generates extensions according to the language Uses blacklist to filter invalid pages Uses...
WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection
Software Redirect 404 Error Page to Homepage or Custom Page with Logs Type Plugin Vulnerable versions = 1.8.7 Fixed in 1.8.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47530 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID c586c5b28368 Credit...
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with a malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagD...
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards
A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to...
PT-2023-3319 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions affected versions not specified Description: The issue is related to a cross-site scripting XSS vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by settin...
CVE-2023-3085
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function runaction of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads ...