PT-2023-32349 · WordPress · The News & Blog Designer Pack
Name of the Vulnerable Software and Affected Versions: The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1 Description: The issue is related to Remote Code Execution via Local File Inclusion. This is due to the bdp get more post function utilizing an unsafe...
WordPress News & Blog Designer Pack – WordPress Blog Plugin Plugin <= 3.4.1 is vulnerable to Remote Code Execution (RCE)
Software News & Blog Designer Pack – WordPress Blog Plugin Type Plugin Vulnerable versions <= 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-5815 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 968958ed229c Credits...
Friday Squid Blogging: Why There Are No Giant Squid in Aquariums
They're too big and we can't recreate their habitat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
CVE-2023-36803
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-20 11:06:20+00:00 | seen | https://t.me/CyberSecurityTechnologies/9230 |
| 2024-04-18 16:45:00+00:00 | seen | https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html |
| 2025-05-23 05:00:00+00:00 | seen | ... |
coderedcms (>=2.0.0 <=2.1.4), puput (=1.2.0) +31 more potentially affected by CVE-2023-45809 via wagtail (>=4.2.4 <=5.0.0rc1)
wagtail PYPI version =4.2.4, =2.0.0, =0.1.0, =0.3.4, =0.0.1, =1.6.0, =0.18.0, =0.19.2 - wagtail-hallo =0.3.0 - wagtail-images-deduplicator =1.0.0a1 and more Source cves: CVE-2023-45809 Source advisory: OSV:PYSEC-2023-219...
GHSA-MJQ6-PV9C-QPPQ Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...
Input validation
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-45102
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions...
CVE-2023-45102 WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions...
CVE-2023-45102
CVE-2023-45102: Cross-Site Request Forgery in OTWthemes Blog Manager Light plugin (≤ 1.20). Exploitation requires an authenticated user? Per Patchstack data, the vulnerability permits unauthenticated actions. Patch/mitigation: update to a version higher than 1.20 (OTWthemes guidance references upgra...
PT-2023-29403 · Otwthemes · Otwthemes Blog Manager Light
Name of the Vulnerable Software and Affected Versions: OTWthemes Blog Manager Light plugin versions <= 1.20 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
WordPress plugin Blog Manager Light Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2023-43641
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-09 21:49:13+00:00 | published-proof-of-concept | https://t.me/thebugbountyhunter/7856 |
| 2023-10-10 02:16:12+00:00 | seen | https://t.me/cibsecurity/71879 |
| 2023-10-10 08:52:14+00:00 | seen | https://t.me/thehackernews/3985 |
| 2023-10-10 09:49:29+00:00 | seen | ... |
emlog pro /content/templates/arbitrary file upload vulnerability
emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /content/templates/, which can be exploited by a remote attacker to submit a special request that can be used to upload a malicious file to execute arbitrary code in the...
WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blog Manager Light Type Plugin Vulnerable versions <= 1.20 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45102 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e898fef1cf21 Credits Mika Required...
CVE-2023-37995
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions...