WordPress Backuply – Backup, Restore, Migrate and Clone plugin <= 1.3.4 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by bart in WordPress Plugin Backuply – Backup, Restore, Migrate and Clone versions <= 1.3.4...
CVE-2022-2446
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...
WordPress WP Editor plugin <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization vulnerability
Authenticated Admin+ PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Plugin WP Editor versions <= 1.2.9...
VulnCheck KEV: CVE-2024-8190
Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...
CVE-2024-32848
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-34785
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32843
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32842
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-45323
An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...
WordPress Customizer Export/Import plugin <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import vulnerability
Authenticated Admin+ Arbitrary File Upload via Customization Settings Import vulnerability discovered by Luk6785 in WordPress Plugin Customizer Export/Import versions <= 0.9.7...
WordPress Cab fare calculator plugin <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Juampa Rodríguez in WordPress Plugin Cab fare calculator versions <= 1.1.6...
WordPress Theme Editor plugin <= 2.8 - Authenticated (Admin+) PHAR Deserialization vulnerability
Authenticated Admin+ PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Plugin Theme Editor versions <= 2.8...
WordPress AdRotate plugin <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload vulnerability
Authenticated Admin+ Double Extension Arbitrary File Upload vulnerability discovered by Jorgson in WordPress Plugin AdRotate versions <= 5.13.2...
WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by c3p0d4y in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions <= 2.4.17.1...
CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE...
CVE-2024-41960
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
PT-2024-5829 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07 Description: The issue is related to the Relay Hosts configuration, where an authenticated admin user can inject a JavaScript payload. This payload is executed when the configuration page is viewe...
mailcow security vulnerability
mailcow is a mail server suite from mailcow open source. A security vulnerability exists in versions prior to mailcow 2024-07 that originates from an authenticated administrator user being able to inject a JavaScript payload into the relay host configuration, which could allow an attacker to...