267 matches found

Positive Technologies
added 2024/04/29 12:0 a.m. · 2 views

PT-2024-24615 · Znuny +1 · Znuny +2

Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...

CVSS 8.8 · AI score 7.7 · EPSS 0.00608
Exploits 0 · References 13
CNNVD
added 2024/04/19 12:0 a.m. · 1 views

WordPress Plugin Poll Maker Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.2 · AI score 6.3 · EPSS 0.0109
Exploits 0 · References 3
CNNVD
added 2024/04/09 12:0 a.m. · 2 views

WordPress Plugin Video Conferencing with Zoom Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 · AI score 8.4 · EPSS 0.00243
Exploits 0 · References 3
Patchstack
added 2024/04/01 4:9 a.m. · 1 views

WordPress MasterStudy LMS plugin <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action vulnerability

Unauthenticated Privilege Escalation via stm_lms_register AJAX Action vulnerability discovered by Hiroho Shimada in WordPress Plugin MasterStudy LMS versions <= 3.3.1...

CVSS 9.8 · AI score 8.6 · EPSS 0.00251
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/12 10:15 a.m. · 3 views

CVE-2023-4729

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key a key fully controll...

CVSS 4.3 · AI score 5.7 · EPSS 0.00204
Exploits 0 · References 2
Positive Technologies
added 2024/03/12 12:0 a.m. · 3 views

PT-2024-13434 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.4 Description: The issue arises from a missing capability check on the publish lp function, which is hooked via an AJAX action. This allows authenticated attackers with...

CVSS 5.4 · AI score 9.4 · EPSS 0.00103
Exploits 0 · References 6
OSV
added 2024/03/02 10:15 p.m. · 1 views

DEBIAN-CVE-2023-52508

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvmefciogetuuid The nvmefcfcpop structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvmefciogetuuid passing a...

CVSS 5.5 · AI score 5.3 · EPSS 0.00009
Exploits 0 · References 1
CNNVD
added 2024/02/05 12:0 a.m. · 8 views

WordPress plugin Cookie Information | Free GDPR Consent Solution Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 8.8 · AI score 6.5 · EPSS 0.29163
Exploits 2 · References 3
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress Plugin File Manager Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 8.8 · AI score 7.2 · EPSS 0.13313
Exploits 1 · References 3
CNNVD
added 2024/01/16 12:0 a.m. · 1 views

WordPress plugin Qyrr security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 · AI score 6 · EPSS 0.00155
Exploits 2 · References 2
Positive Technologies
added 2023/12/09 12:0 a.m. · 3 views

PT-2023-32305 · Supsystic · Digital Publications By Supsystic

Name of the Vulnerable Software and Affected Versions: Digital Publications by Supsystic plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is due to missing or incorrect nonce validation on the AJAX action handler, making it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 8.9 · EPSS 0.00054
Exploits 0 · References 7
VulnCheck KEV
added 2023/11/27 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2022-0784

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.72895
Exploits 2 · References 1
VulnCheck KEV
added 2023/11/17 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2022-0781

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.82918
Exploits 2 · References 1
OSV
added 2023/09/04 12:15 p.m. · 3 views

CVE-2023-4284

The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 7.3
Exploits 0 · References 1
Positive Technologies
added 2023/09/04 12:0 a.m. · 2 views

PT-2023-28614 · WordPress · Post Timeline

Name of the Vulnerable Software and Affected Versions: The Post Timeline WordPress plugin versions prior to 2.2.6 Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admin. This occurs because the plugin does not sanitise...

CVSS 6.1 · AI score 6.2 · EPSS 0.13531
Exploits 1 · References 6
OSV
added 2023/08/30 12:15 p.m. · 2 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.7
Exploits 0 · References 2
OSV
added 2023/08/17 7:15 a.m. · 1 views

CVE-2023-3244

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal...

CVSS 4.3 · AI score 7.3 · EPSS 0.03735
Exploits 4 · References 2
CNNVD
added 2023/07/01 12:0 a.m. · 1 views

WordPress Plugin Event Espresso 4 Decaf Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 5 · EPSS 0.00172
Exploits 0 · References 11
Positive Technologies
added 2023/06/07 12:0 a.m. · 3 views

PT-2023-11871 · WordPress · 2J-Slideshow Plugin

Name of the Vulnerable Software and Affected Versions: 2J-SlideShow Plugin for WordPress versions up to, and including, 1.3.31 Description: The issue is related to authorization bypass due to a missing capability check on the twoj slideshow setup function. This function is called via the "wp ajax...

CVSS 5.4 · AI score 4.4 · EPSS 0.00026
Exploits 1 · References 6
Positive Technologies
added 2023/06/06 12:0 a.m. · 2 views

PT-2023-22343 · Prestashop · Prestashop Jmspagebuilder

Name of the Vulnerable Software and Affected Versions: PrestaShop jmspagebuilder version 3.x Description: The issue is related to SQL Injection via the ajax jmspagebuilder.php file. Recommendations: For PrestaShop jmspagebuilder version 3.x, consider restricting access to the ajax...

CVSS 9.8 · AI score 8.4 · EPSS 0.02482
Exploits 0 · References 4