CVE-2024-48809

CVE-2024-48809 affects Open Networking Foundations sdran-in-a-box v1.4.3 and onos-a1t v0.2.3. The issue enables a remote attacker to cause a denial of service via the onos-a1t component, specifically the DeleteWatcher function. Public references corroborate the DoS impact but do not provide explo...

PT-2024-33235 · Open Networking Foundation · Onos-A1T +1

Name of the Vulnerable Software and Affected Versions: Open Networking Foundations sdran-in-a-box version 1.4.3 Open Networking Foundations onos-a1t version 0.2.3 Description: A denial of service issue allows a remote attacker to cause a disruption in service via the DeleteWatcher function in the...

CVE-2024-43235

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...

CVE-2024-37096

Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1...

CVE-2024-37096 WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1...

CVE-2024-37096

CVE-2024-37096 — WordPress Popup Box plugin contains a missing/incorrectly configured authorization mechanism up to version 4.5.1. The vulnerability is described as Missing Authorization, with a CVSS base score of 4.3 (Medium) and attack vector over the network, requiring low privileges and no us...

CVE-2024-37096 WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1...

CVE-2024-43235 WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...

CVE-2024-43235

CVE-2024-43235 concerns Meta Box – WordPress Custom Fields Framework. Several connected sources confirm a Missing Authorization vulnerability (broken access control) affecting the Meta Box plugin up to version 5.9.10. The CVSS 3.1 base metrics show Network attack vector, Low attack complexity, Pr...

CVE-2024-43235 WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...

PT-2024-30398 · WordPress · Meta Box

Name of the Vulnerable Software and Affected Versions: Meta Box – WordPress Custom Fields Framework versions through 5.9.10 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: F...

WordPress plugin Meta Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin Popup box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Flash Show And Hide Box Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Flash Show And Hide Box Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-51656 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 61be485fbb22 Credits SOPROBRO Requir...

PT-2024-27294 · Popup Box · Popup Box

Name of the Vulnerable Software and Affected Versions: Popup box versions n/a through 4.5.1 Description: The issue is related to a Missing Authorization vulnerability in Popup Box Team Popup, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

WordPress WP Feature Box plugin <= 0.1.3 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WP Feature Box versions = 0.1.3...

WordPress WP Feature Box Plugin <= 0.1.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Feature Box Type Plugin Vulnerable versions = 0.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51611 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cf990022caf8 Credits SOPROBRO Required privilege Contributor...

CVE-2024-10226

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-10266

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-10266

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...