WordPress plugin MagicForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-12861

The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2sviewlog' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of...

WordPress plugin RepairBuddy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Ultimate Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-38738 · WordPress · The Fileorganizer

Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.9 Description: The issue is related to arbitrary file uploads due to missing file type validation in the fileorganizer ajax handler...

CVE-2024-8507

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mkfilefoldermanager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrar...

PT-2024-11908

Name of the Vulnerable Software and Affected Versions Sassy Social Share plugin for WordPress versions up to, and including, 3.3.3 Description The issue is related to Reflected Cross-Site Scripting via the urls parameter called via the heateor sss sharing count AJAX action due to insufficient inp...

PT-2024-11041 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions up to, and including, 4.5.1 Premium Addons for Elementor versions prior to 2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c Description: The issue is due to missing capability and nonce checks in the pa dismiss admin...

WordPress plugin Photo Gallery, Images, Slider in Rbs Image Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

SourceCodester Tracking Monitoring Management System SQL注入漏洞

SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

VulnCheck KEV: CVE-2024-6753

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpwautopostermapwordpressposttype' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This...

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37195 · WordPress · Comment Images Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...

PT-2024-29200 · WordPress · Pricing Table

Name of the Vulnerable Software and Affected Versions: Pricing Table plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax function. This allows unauthenticated attackers t...

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

The vulnerability of the wpDataTables plugin (Premium) in the WordPress content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the wpDataTables plugin Premium in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the idkey parameter in the...

PT-2024-32074 · WordPress · Wp Reset

Name of the Vulnerable Software and Affected Versions: WP Reset plugin for WordPress versions up to, and including, 2.02 Description: The issue is related to a missing capability check on the save ajax function, allowing authenticated attackers with subscriber-level access and above to modify the...

WordPress plugin ApplyOnline Application Form Builder and Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

UBUNTU-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...