7703 matches found

Positive Technologies
added 2024/10/26 12:0 a.m. | 1 views

PT-2024-39946

Name of the Vulnerable Software and Affected Versions: Wux Blog Editor plugin for WordPress versions up to, and including, 3.0.0. Description: The issue is related to authentication bypass due to missing validation on the token supplied during autologin through the plugin. This allows unauthenticate...

9.8 CVSS | 5.9 AI score | 0.00543 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2024/10/26 12:0 a.m. | 6 views

PT-2024-39947

Name of the Vulnerable Software and Affected Versions: Wux Blog Editor plugin for WordPress versions up to and including 3.0.0. Description: The Wux Blog Editor plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the wuxbt insertImageNew...

9.8 CVSS | 6.2 AI score | 0.37815 EPSS
Exploits: 5 | References: 12

CNNVD
added 2024/10/26 12:0 a.m. | 3 views

WordPress plugin Wux Blog Editor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS | 6.9 AI score | 0.00543 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/10/26 12:0 a.m. | 7 views

WordPress plugin Wux Blog Editor code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

9.8 CVSS | 6.9 AI score | 0.37815 EPSS
Exploits: 5 | References: 2

Patchstack
added 2024/10/25 6:14 p.m. | 4 views

WordPress Wux Blog Editor plugin <= 3.0.0 - Authentication Bypass to Administrator vulnerability

Authentication Bypass to Administrator vulnerability discovered by István Márton in WordPress Plugin Wux Blog Editor versions <= 3.0.0...

9.8 CVSS | 7 AI score | 0.00543 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/25 5:43 p.m. | 8 views

WordPress Wux Blog Editor plugin <= 3.0.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin Wux Blog Editor versions <= 3.0.0...

9.8 CVSS | 7 AI score | 0.37815 EPSS
Exploits: 5 | References: 1 | Affected Software: 1

HackRead
added 2024/10/25 12:3 p.m. | 32 views

UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)

Fortinet and Mandiant investigated the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries. Threat…...

9.8 CVSS | 7.4 AI score | 0.96503 EPSS
Exploits: 7

Patchstack
added 2024/10/25 12:0 a.m. | 12 views

WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Broken Authentication

Software: Wux Blog Editor; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9931; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 140fce8f5a83; Credits: István...

9.8 CVSS | 6.5 AI score | 0.00543 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/25 12:0 a.m. | 13 views

WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Arbitrary File Upload

Software: Wux Blog Editor; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-9932; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: fb6562f2b82e; Credits: István Márton; Required privilege...

9.8 CVSS | 6.8 AI score | 0.37815 EPSS
Exploits: 5 | References: 2 | Affected Software: 1

NVD
added 2024/10/24 7:15 p.m. | 12 views

CVE-2024-46996

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...

6.3 CVSS | 0.00303 EPSS
Exploits: 0 | References: 2

NVD
added 2024/10/24 7:15 p.m. | 27 views

CVE-2024-46994

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4 CVSS | 0.0028 EPSS
Exploits: 0 | References: 2

Snyk
added 2024/10/24 6:44 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog posts and contents list feature. An attacker can manipulate web page content or redirect users to malicious websites. Details...

6.1 CVSS | 5.3 AI score | 0.0028 EPSS
Exploits: 0 | References: 2

CVE
added 2024/10/24 6:35 p.m. | 46 views

CVE-2024-46996

baserCMS (CMS framework) has a Cross-site Scripting (XSS) vulnerability in the Blog posts feature affecting versions prior to 5.1.2. The issue is addressed by upgrading to a fixed release (5.1.2 or newer; some sources list 5.1.3 as the update path). Multiple connected advisories confirm the affec...

6.3 CVSS | 5.6 AI score | 0.00303 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/10/24 6:35 p.m. | 13 views

CVE-2024-46996 baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...

6.3 CVSS | 5.8 AI score | 0.00303 EPSS
Exploits: 0 | References: 4

CVE
added 2024/10/24 6:22 p.m. | 47 views

CVE-2024-46994

CVE-2024-46994 concerns baserCMS. A cross-site scripting (XSS) vulnerability exists in the Blog posts and Contents list feature for versions prior to 5.1.2; version 5.1.2 contains the fix. Publicly documented analyses and advisories (including JVN and RH) corroborate the issue and list remediatio...

5.4 CVSS | 5.1 AI score | 0.0028 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/10/24 6:22 p.m. | 30 views

CVE-2024-46994 baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4 CVSS | 0.0028 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/10/24 6:22 p.m. | 16 views

CVE-2024-46994 baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4 CVSS | 6.2 AI score | 0.0028 EPSS
Exploits: 0 | References: 2

OSV
added 2024/10/24 6:22 p.m. | 22 views

CVE-2024-46994 baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4 CVSS | 5.9 AI score | 0.0028 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2024/10/24 5:45 p.m. | 14 views

baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

XSS vulnerability in Blog posts feature to baserCMS. Target: baserCMS 5.1.1 and earlier versions. Vulnerability: Malicious code may be executed in Blog posts feature. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more information...

6.3 CVSS | 6.3 AI score | 0.00303 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/10/24 5:45 p.m. | 8 views

GHSA-66JV-QRM3-VVFG baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

XSS vulnerability in Blog posts feature to baserCMS. Target: baserCMS 5.1.1 and earlier versions. Vulnerability: Malicious code may be executed in Blog posts feature. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more information...

6.3 CVSS | 6 AI score | 0.00303 EPSS
Exploits: 0 | References: 4