18 matches found
phpMyFAQ security vulnerabilities
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ 4.0.16 and earlier contain security vulnerabilities. These vulnerabilities stem from authorization logic flaws, which may allow non-administrative users to trigger configuration backups and...
EUVD-2022-52185
Malicious code in bioql PyPI...
EUVD-2022-52186
Malicious code in bioql PyPI...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
WordPress BackupWordPress Plugin < 3.13 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xibodevelopment:backupwordpress"; ifdescription...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
Authorization
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932 Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932 Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4932
CVE-2022-4932 concerns the WordPress plugin Total Upkeep (versions up to and including 1.14.13). The root cause is missing authorization on the heartbeat_received() function triggered by WordPress heartbeat, enabling authenticated users with subscriber-level permissions and above to disclose info...
WordPress plugin BackupWordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...
PT-2023-15919 · WordPress · Total Upkeep
Name of the Vulnerable Software and Affected Versions: Total Upkeep plugin for WordPress versions up to, and including 1.14.13 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...
PT-2023-15918 · WordPress · Backupwordpress
Name of the Vulnerable Software and Affected Versions: BackupWordPress plugin for WordPress versions up to, and including 3.12 Description: The issue is related to information disclosure due to missing authorization on the heartbeat received function, which triggers on WordPress heartbeat. This...
WordPress plugin Total Upkeep 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...