
869 matches found

OSV
added 2024/02/28 7:15 a.m. · 2 views

CVE-2024-1568

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

6.4 CVSS · 7.4 AI score
Exploits 0 · References 2

NVD
added 2024/02/28 7:15 a.m. · 15 views

CVE-2024-1568

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

6.4 CVSS · 6.2 AI score · 0.00335 EPSS
Exploits 0 · References 2

Prion
added 2024/02/28 7:15 a.m. · 23 views

Server side request forgery (ssrf)

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

5.5 CVSS · 6.2 AI score · 0.00335 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/02/28 6:46 a.m. · 8 views

CVE-2024-1568

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

6.4 CVSS · 6.5 AI score · 0.00335 EPSS
Exploits 0 · References 2

CVE
added 2024/02/28 6:46 a.m. · 81 views

CVE-2024-1568

The CVE CVE-2024-1568 affects the Seraphinite Accelerator plugin for WordPress. It enables SSRF via OnAdminApi_HtmlCheck in all versions up to 2.20.52, allowing authenticated users with subscriber-level access or higher to issue web requests from the web application to arbitrary internal location...

6.4 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/02/28 6:46 a.m. · 25 views

CVE-2024-1568 Seraphinite Accelerator <= 2.20.52 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

6.4 CVSS · 6.3 AI score · 0.00335 EPSS
Exploits 0 · References 2

Patchstack
added 2024/02/28 12:0 a.m. · 11 views

WordPress Seraphinite Accelerator Plugin <= 2.20.52 is vulnerable to Server Side Request Forgery (SSRF)

Software: Seraphinite Accelerator · Type: Plugin · Vulnerable versions: <= 2.20.52 · Fixed in: 2.21 · OWASP Top 10: A1: Broken Access Control · Classification: Server Side Request Forgery (SSRF) · CVE: CVE-2024-1568 · Patch priority: Medium · CVSS severity: Medium (6.4) · Developer: Claim ownership · PSID: 699713e041d9 · Credits: Luci...

6.4 CVSS · 6.5 AI score · 0.00335 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/02/28 12:0 a.m. · 2 views

WordPress Plugin Seraphinite Accelerator Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits 0 · References 3

WPVulnDB
added 2024/02/27 12:0 a.m. · 11 views

Seraphinite Accelerator < 2.21 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck

Description: The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web...

6.4 CVSS · 6.5 AI score · 0.00335 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/02/27 12:0 a.m. · 2 views

PT-2024-18139 · WordPress · Seraphinite Accelerator

Name of the Vulnerable Software and Affected Versions: Seraphinite Accelerator plugin for WordPress versions up to, and including, 2.20.52 Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the...

6.4 CVSS · 9.3 AI score · 0.00335 EPSS
Exploits 0 · References 6

Oracle Linux
added 2024/02/12 12:0 a.m. · 69 views

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt 5.7.0-41 - qemumonitor: Add defensive protection on mon-msg Wim ten Have Orabug: 35699260 - vircpi: Add PCIe 5.0 and 6.0 link speeds Michal Privoznik Orabug: 35496776 - qemuProcessSetupVcpusVnuma: add NULL check for def-cpu Shaleen...

6.5 CVSS · 7.1 AI score · 0.00269 EPSS
Exploits 0

IBM Security Bulletins
added 2024/02/08 7:5 p.m. · 40 views

Security Bulletin: Mutiple Vulnerabilties affects IBM Watson Machine Learning Accelerator 3.5.0 for Cloud Pak for Data 4.6.5

Summary IBM Watson Machine Learning Accelerator 3.5.0 for Cloud Pak for Data 4.6.5 is affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-3697 DESCRIPTION: Ansible Collections Amazon AWS Collection...

7.5 CVSS · 7.7 AI score · 0.04561 EPSS
Exploits 1 · Affected Software 1

Tenable Nessus
added 2024/01/16 12:0 a.m. · 24 views

EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2023-3487)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and...

8.8 CVSS · 6.8 AI score · 0.00664 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/01/16 12:0 a.m. · 28 views

EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2023-3515)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and...

8.8 CVSS · 6.8 AI score · 0.00664 EPSS
Exploits 0 · References 2

WPVulnDB
added 2024/01/15 12:0 a.m. · 28 views

Seraphinite Accelerator < 2.20.48 - Unauthenticated Sensitive Information Exposure via Log File

Description: The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data from log files...

5.3 CVSS · 9.4 AI score · 0.00443 EPSS
Exploits 0 · References 1 · Affected Software 1

OpenVAS
added 2024/01/09 12:0 a.m. · 36 views

Ubuntu: Security Advisory (USN-6567-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS · 7 AI score · 0.01405 EPSS
Exploits 5 · References 2

Ubuntu
added 2024/01/08 5:46 p.m. · 67 views

USN-6567-1: QEMU vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

8.8 CVSS · 7.1 AI score · 0.01405 EPSS
Exploits 5

OSV
added 2024/01/08 5:46 p.m. · 2 views

USN-6567-1 qemu vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

8.8 CVSS · 7.2 AI score · 0.01405 EPSS
Exploits 5 · References 15

Patchstack
added 2024/01/08 12:0 a.m. · 13 views

WordPress Seraphinite Accelerator Plugin <= 2.20.47 is vulnerable to Sensitive Data Exposure

Software: Seraphinite Accelerator · Type: Plugin · Vulnerable versions: <= 2.20.47 · Fixed in: 2.20.48 · OWASP Top 10: A9: Security Logging and Monitoring Failures · Classification: Sensitive Data Exposure · CVE: CVE-2024-22138 · Patch priority: Low · CVSS severity: Low (5.3) · Developer: Claim ownership · PSID: fd61ed488abd...

5.3 CVSS · 6.5 AI score · 0.00443 EPSS
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2024/01/08 12:0 a.m. · 51 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : QEMU vulnerabilities (USN-6567-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6567-1 advisory. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attack...

8.8 CVSS · 7 AI score · 0.01405 EPSS
Exploits 5 · References 15