10 matches found
WordPress plugin Premium Packages SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-5480 · WordPress · Wordpress Download Manager Premium Packages
Name of the Vulnerable Software and Affected Versions: WordPress Download Manager Premium Packages versions n/a through 5.9.6. Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for...
WordPress Event Post plugin <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions <= 5.9.6...
CVE-2024-10186 Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10186
CVE-2024-10186 affects the WordPress Event post plugin. Reported as Stored XSS via the events_cal shortcode, due to insufficient input sanitization/output escaping for user-supplied attributes. Vulnerable in all versions up to 5.9.6; requires authentication (contributor-level or higher) to inject...
Important: Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.6
Important: Logging for Red Hat OpenShift - 5.9.6. cluster-logging-rhel9-operator: compat-openssl11 CVE-2023-0286...
DEBIAN-CVE-2022-4967
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...
UBUNTU-CVE-2022-4967
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...
Amazon Linux 2 : oniguruma (ALAS-2023-2311)
The version of oniguruma installed on the remote host is prior to 5.9.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2311 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through...
Zoom Client < 5.9.6 Package Update Vulnerability (ZSB-22003) - Mac OS X
The Zoom Client is prone to a package update vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:zoom:zoom";...