241 matches found
VulnCheck KEV: CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
PT-2024-38901 · WordPress · Frontend Dashboard
Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress versions up to, and including, 2.2.4 Description: The issue is related to insufficient filtering on callable methods/functions via the ajax request function, allowing authenticated attackers with...
CVE-2024-7858
The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Just Custom Fields plugin <= 3.3.2 - Cross-Site Request Forgery via AJAX actions vulnerability
Cross-Site Request Forgery via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions = 3.3.2...
WordPress plugin Popup Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
WordPress Popup Builder plugin <= 4.3.0 - Missing Authorization in Multiple AJAX Actions vulnerability
Missing Authorization in Multiple AJAX Actions vulnerability discovered by Alex Thomas in WordPress Plugin Popup Builder versions = 4.3.0...
WordPress plugin ARForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-5087
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...
WordPress plugin The Moneytizer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15150 · WordPress · The Moneytizer
Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20 Description: The issue is due to missing or incorrect nonce validation on multiple AJAX functions, making it possible for unauthenticated attackers to update and retrie...
PT-2024-18325 · WordPress · Analytify – Google Analytics Dashboard For Wordpress
Name of the Vulnerable Software and Affected Versions: The Analytify – Google Analytics Dashboard For WordPress plugin for WordPress versions up to, and including, 5.2.3 Description: The issue allows authenticated attackers with subscriber access or higher to obtain certain sensitive information...
WordPress plugin Control Menu Visibility 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Advanced Post Block 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-26958
A use-after-free flaw was found in fs/nfs/direct.c in the Linux kernel. This may lead to a crash...
CVE-2024-26958 nfs: fix UAF in direct writes
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...
CVE-2024-26958
CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...
CVE-2024-26958
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...
DEBIAN-CVE-2024-32491
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...
WordPress plugin WooCommerce Customers Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-0421
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...