646 matches found

Positive Technologies · added 2024/09/11 12:00 a.m. · 2 views

PT-2024-38461 · WordPress · Wp Delicious – Recipe Plugin

Name of the Vulnerable Software and Affected Versions: The WP Delicious – Recipe Plugin for Food Bloggers plugin for WordPress versions up to, and including, 1.6.9 Description: The issue is related to insufficient file path validation in the save edit profile details function, allowing...

CVSS 8.1 · AI score 7.6 · EPSS 0.03817
Exploits 0 · References 12
The Hacker News · added 2024/07/23 10:12 a.m. · 14 views

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, t...

AI score 7.5
Exploits 0
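The technique above works because editor swap and backup files are exactly what cleanup scripts and file-integrity baselines tend to ignore. The scanner below is an added example, not code from Sucuri or from the article: it walks a web root for files whose names look like swap or backup artefacts and reports those that contain PHP or script tags or common obfuscation calls. The name patterns, the sample directory layout and the sample skimmer body are constructed for the demo and are not the file names from the incident.

```php
<?php
// Added example: hunt for swap/backup-named files that carry executable content.
// Name patterns and the sample tree below are assumptions for the demo.

function looksLikeSwapFile(string $name): bool {
    // Assumed patterns: vim swap files (.swp/.swo), editor backups (~, .bak, .orig)
    // and ".swap"/"-swapme" style suffixes.
    return (bool) preg_match('/(\.sw[op]$|~$|\.swap$|-swapme$|\.bak$|\.orig$)/i', $name);
}

function containsExecutableContent(string $path): bool {
    // Only the first 64 KiB is inspected; skimmers are small and sit near the top.
    $head = @file_get_contents($path, false, null, 0, 65536);
    if ($head === false) {
        return false;
    }
    return stripos($head, '<?php') !== false
        || stripos($head, '<script') !== false
        || preg_match('/\b(eval|base64_decode|gzinflate|str_rot13)\s*\(/i', $head) === 1;
}

function scanWebroot(string $root): array {
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        if (looksLikeSwapFile($file->getFilename()) && containsExecutableContent($file->getPathname())) {
            $findings[] = $file->getPathname();
        }
    }
    sort($findings);
    return $findings;
}

// Constructed sample tree: one real class file, one skimmer hidden under a
// swap-file name next to it, and a harmless backup file with no code.
$root = sys_get_temp_dir() . '/swapscan_' . bin2hex(random_bytes(4));
mkdir("$root/app/code/Magento/Checkout", 0700, true);
file_put_contents("$root/app/code/Magento/Checkout/Cart.php", "<?php class Cart {}\n");
file_put_contents(
    "$root/app/code/Magento/Checkout/Cart.php.swp",
    "<?php if (isset(\$_POST['cc_number'])) { @file_put_contents('/tmp/x', base64_encode(json_encode(\$_POST))); }\n"
);
file_put_contents("$root/README~", "notes\n");

foreach (scanWebroot($root) as $hit) {
    echo "suspicious swap/backup file: $hit\n";
}
```

Run against the constructed tree the scanner reports only Cart.php.swp. On a real site, pair the name check with a file-integrity comparison against a clean copy of the codebase and with a look at modification times, since a swap-named file that is also referenced from a checkout template or from a modified include is the persistence the report describes.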
GithubExploit · added 2024/06/19 6:07 p.m. · 636 views

Exploit for Improper Authentication in Elementor Website_Builder

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to N...

CVSS 9.8 · AI score 8.7 · EPSS 0.07054
Exploits 1
WPVulnDB · added 2024/05/23 12:00 a.m. · 18 views

WP Fastest Cache < 1.2.7 - Admin+ Arbitrary File Deletion

Description The plugin for WordPress is vulnerable to Directory Traversal via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting...

CVSS 7.2 · AI score 6.8 · EPSS 0.05499
Exploits 0 · References 1 · Affected software 1
Positive Technologies · added 2024/05/16 12:00 a.m. · 1 view

PT-2024-38572 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to insufficient file path validation in multiple functions, allowing authenticated attackers with Administrator-level access and above to read and dele...

CVSS 9 · AI score 7.3 · EPSS 0.04032
Exploits 0 · References 16
NVD · added 2024/04/06 12:15 p.m. · 14 views

CVE-2024-3376

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The explo...

CVSS 9.8 · AI score 7.3 · EPSS 0.00201
Exploits 1 · References 4
Cvelist · added 2024/04/06 11:31 a.m. · 20 views

CVE-2024-3376 SourceCodester Computer Laboratory Management System config.php redirect

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The explo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00201
Exploits 1 · References 4
Vulnrichment · added 2024/04/06 11:31 a.m. · 17 views

CVE-2024-3376 SourceCodester Computer Laboratory Management System config.php redirect

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The explo...

CVSS 7.5 · AI score 7.3 · EPSS 0.00201
Exploits 1 · References 4
CVE · added 2024/04/06 11:31 a.m. · 73 views

CVE-2024-3376

CVE-2024-3376 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerability is in the config.php file, where manipulation of the url parameter leads to execution after redirect, enabling remote initiation of an attack. Exploit details are publicly disclosed per the sources. ...

CVSS 9.8 · AI score 7.3 · EPSS 0.00201
Exploits 1 · References 4 · Affected software 1
CNNVD · added 2024/04/06 12:00 a.m. · 1 view

Computer Laboratory Management System Security Vulnerability

Computer Laboratory Management System is a computer laboratory management system. A security vulnerability exists in SourceCodester Computer Laboratory Management System version 1.0, which originates from a security flaw in the parameter url of the config.php file...

CVSS 9.8 · AI score 7.5 · EPSS 0.00201
Exploits 1 · References 5
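Execution after redirect, the flaw class named in the five CVE-2024-3376 records above, means the script sends a Location header for an unauthorised visitor but keeps running, so a client that simply ignores the redirect still reaches the privileged code. The following is an added example, not code from SourceCodester or from the CVE record; the function names, the session flag and the site_url setting are hypothetical.

```php
<?php
// Added example: the "execution after redirect" pattern and its fix.
// Names are hypothetical; nothing here is the vulnerable product's code.

function vulnerableConfigPage(bool $loggedIn, string $newUrl, array &$config): string {
    if (!$loggedIn) {
        header('Location: login.php');
        // Missing exit: the redirect is sent, but execution falls through to
        // the privileged write below, so an attacker who ignores the
        // Location header can change the configuration anyway.
    }
    $config['site_url'] = $newUrl;   // privileged action
    return 'saved';
}

function fixedConfigPage(bool $loggedIn, string $newUrl, array &$config): string {
    if (!$loggedIn) {
        header('Location: login.php');
        // In a real page this is `exit;` immediately after header().
        // Returning is used here so the demo can continue in one process.
        return 'redirected';
    }
    $config['site_url'] = $newUrl;
    return 'saved';
}

// Constructed demo: an anonymous request tries to rewrite site_url.
$config = ['site_url' => 'https://example.test'];
$result = vulnerableConfigPage(false, 'https://attacker.test', $config);
echo "vulnerable: result=$result, site_url={$config['site_url']}\n";

$config = ['site_url' => 'https://example.test'];
$result = fixedConfigPage(false, 'https://attacker.test', $config);
echo "fixed: result=$result, site_url={$config['site_url']}\n";
```

Run from the CLI, where header() is a no-op, the vulnerable function reports "saved" and site_url now carries the attacker's value even though $loggedIn is false; the fixed one reports "redirected" and leaves it untouched. The practical check when reviewing a PHP code base is to grep for header('Location: and confirm every occurrence is followed by exit or die before any further statement; against a live site, a request made without following redirects (curl without -L) shows whether the response body still contains the protected page or whether the protected action still took effect.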
OSV · added 2024/03/25 7:41 p.m. · 27 views

GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

CVSS 8.1 · AI score 8.4 · EPSS 0.00025
Exploits 0 · References 7
OSV · added 2024/03/25 7:15 p.m. · 0 views

CVE-2024-29515

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 1
CNNVD · added 2024/03/25 12:00 a.m. · 1 view

LeptonCMS Security Vulnerability

LeptonCMS is a content management system (CMS) from the Lepton Project. A security vulnerability exists in LeptonCMS version 7.1.0. A remote attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted PHP files to the save.php and config.php components...

CVSS 8.8 · AI score 7.7 · EPSS 0.01507
Exploits 1 · References 2
CVE · added 2024/03/25 12:00 a.m. · 48 views

CVE-2024-29515

The CVE is for LeptonCMS v7.1.0 (Lepton) and describes a File Upload vulnerability that enables a remote authenticated attacker to execute arbitrary PHP code by uploading crafted files to the save.php and config.php components. The root cause, as reflected across multiple sources, is improper han...

CVSS 8.8 · AI score 7.6 · EPSS 0.01507
Exploits 1 · References 1 · Affected software 1
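A file-upload flaw of the kind described in the three CVE-2024-29515 records above usually comes down to trusting the client's file name or declared content type. The handler below is an added example, not LeptonCMS code: it rejects any name segment the web server might execute, verifies the content with libmagic against the extension, refuses files with embedded PHP tags, and stores the file under a server-chosen random name. The allow and deny lists, the storage directory and the sample files are constructed for the demo (the PNG is a hand-built signature plus a 1x1 IHDR chunk with a placeholder CRC).

```php
<?php
// Added example: an upload handler that refuses anything the web server could
// execute. Lists, paths and sample files are assumptions for the demo.

const ALLOWED_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];
const SCRIPT_EXTENSIONS = [
    'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps', 'pht',
    'cgi', 'pl', 'sh', 'htaccess',
];

// Returns null when the file is acceptable, otherwise the reason for refusal.
function rejectReason(string $originalName, string $tmpPath): ?string {
    $parts = explode('.', strtolower(basename($originalName)));
    if (count($parts) < 2) {
        return 'no extension';
    }
    // Every segment after the base name is checked, so shell.php.png fails
    // here just like shell.php does.
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, SCRIPT_EXTENSIONS, true)) {
            return "script extension '$segment'";
        }
    }
    $ext = end($parts);
    if (!isset(ALLOWED_TYPES[$ext])) {
        return "extension '$ext' not allowed";
    }
    // The content must agree with the extension; a PHP payload under an
    // image name comes back as text/x-php from libmagic.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return "content type " . var_export($mime, true) . " does not match .$ext";
    }
    $head = file_get_contents($tmpPath, false, null, 0, 1 << 20);
    if (stripos($head, '<?php') !== false || stripos($head, '<?=') !== false) {
        return 'embedded PHP tag';
    }
    return null;
}

function storeUpload(string $originalName, string $tmpPath, string $storeDir): string {
    $why = rejectReason($originalName, $tmpPath);
    if ($why !== null) {
        throw new RuntimeException("rejected: $why");
    }
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    // Server-chosen random name: the client never influences the stored path.
    $dest = $storeDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // A real request handler uses move_uploaded_file(); rename() keeps the demo offline.
    if (!rename($tmpPath, $dest)) {
        throw new RuntimeException('store failed');
    }
    chmod($dest, 0640);
    return $dest;
}

// Constructed samples: one genuine PNG header and three webshell variants.
$dir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$png = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
     . pack('NNCCCCC', 1, 1, 8, 6, 0, 0, 0) . pack('N', 0);
$shell = "<?php system(\$_GET['c']); ?>";
$samples = [
    'photo.png'     => $png,
    'shell.php'     => $shell,
    'shell.php.png' => $shell,
    'shell.png'     => $shell,
];
foreach ($samples as $name => $body) {
    $tmp = tempnam($dir, 'up');
    file_put_contents($tmp, $body);
    try {
        echo "$name -> stored as " . basename(storeUpload($name, $tmp, $dir)) . "\n";
    } catch (RuntimeException $e) {
        echo "$name -> " . $e->getMessage() . "\n";
    }
}
```

photo.png is stored under a random name; shell.php and shell.php.png are refused on the extension walk, and shell.png is refused because libmagic does not classify it as image/png. Keep the storage directory outside the document root, or serve it with script execution disabled, so that a check bypass still does not hand the attacker code execution.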
Vulnrichment · added 2024/01/30 1:00 a.m. · 2 views

CVE-2024-1026 Cogites eReserv config.php cross site scripting

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert%27XSS%27%3C/script%3E leads to cross site scripting. The...

CVSS 4 · AI score 4.8 · EPSS 0.0005
Exploits 0 · References 2
CNNVD · added 2024/01/30 12:00 a.m. · 2 views

Cogites eReserv Cross-Site Scripting Vulnerability

Cogites eReserv is an online reservation management software from Cogites. A cross-site scripting vulnerability exists in Cogites eReserv version 7.7.58, located in the /front/admin/config.php file...

CVSS 6.1 · AI score 6.2 · EPSS 0.0005
Exploits 0 · References 3
Prion · added 2024/01/11 9:15 a.m. · 14 views

Directory traversal

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the...

CVSS 5.8 · AI score 6.7 · EPSS 0.02332
Exploits 0 · References 2 · Affected software 1
Positive Technologies · added 2023/12/22 12:00 a.m. · 4 views

PT-2023-32829

Name of the Vulnerable Software and Affected Versions Backup Migration plugin for WordPress versions up to, and including, 1.3.9 Description The issue allows unauthenticated attackers to perform Path Traversal via the content-backups and content-name, content-manifest, or content-bmitmp and...

CVSS 9.8 · AI score 7.5 · EPSS 0.1832
Exploits 1 · References 11
OSV · added 2023/12/16 1:15 p.m. · 0 views

CVE-2023-6559

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 9.8 · AI score 6.2
Exploits 0 · References 2
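The traversal and arbitrary-file-deletion findings in this listing (WP Delicious, WP Fastest Cache, Bit Form, Import and export users and customers, Backup Migration, MW WP Form) share one shape: a path taken from the request is joined to a plugin directory and handed to unlink() without being canonicalised. The two functions below are an added example, not code from any of the listed plugins: unsafeDelete() shows the pattern, safeDelete() resolves the path with realpath() and refuses anything that does not sit inside the intended directory. The directory layout and file contents are constructed for the demo.

```php
<?php
// Added example: deleting a file under a plugin-controlled directory, first the
// unsafe way, then with the path canonicalised and confined. The layout below
// is constructed for the demo and is not any plugin's real code.

function unsafeDelete(string $baseDir, string $userPath): bool {
    // "../wp-config.php" walks straight out of $baseDir.
    $target = $baseDir . '/' . $userPath;
    return file_exists($target) && unlink($target);
}

function safeDelete(string $baseDir, string $userPath): bool {
    $base = realpath($baseDir);
    // realpath() resolves ".." and symlinks, and returns false if the target
    // does not exist, so the check below sees the file as the OS will.
    $real = realpath($baseDir . '/' . $userPath);
    if ($base === false || $real === false) {
        return false;
    }
    // Require the canonical path to be strictly inside the base directory.
    // The trailing separator stops "/srv/cache-evil" matching base "/srv/cache".
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    if (!is_file($real)) {
        return false;   // never unlink directories, devices or the base itself
    }
    return unlink($real);
}

// Constructed layout: a cache directory next to a wp-config.php, plus a
// symlink planted inside the cache directory that points at the config.
$root = sys_get_temp_dir() . '/trav_' . bin2hex(random_bytes(4));
mkdir("$root/cache", 0700, true);
file_put_contents("$root/wp-config.php", "<?php define('DB_PASSWORD', 'secret');\n");
file_put_contents("$root/cache/page.html", "cached\n");
symlink("$root/wp-config.php", "$root/cache/planted.html");

$attempts = [
    ['safeDelete',   '../wp-config.php'],
    ['safeDelete',   'planted.html'],
    ['safeDelete',   'page.html'],
    ['unsafeDelete', '../wp-config.php'],
];
foreach ($attempts as [$fn, $path]) {
    $ok = $fn("$root/cache", $path) ? 'deleted' : 'refused';
    $cfg = file_exists("$root/wp-config.php") ? 'present' : 'GONE';
    echo str_pad($fn, 13) . str_pad($path, 18) . "$ok, wp-config.php $cfg\n";
}
```

The first three attempts go through safeDelete(): the dot-dot path and the planted symlink are refused (realpath() resolves both to a location outside the cache directory) and wp-config.php stays present, while page.html is deleted as intended. The last attempt, through unsafeDelete(), removes wp-config.php. A substring check on the raw request string would not catch the symlink case, which is why the comparison is made on the canonical path; the is_file() guard also keeps the function from unlinking the base directory when the request path is empty or ".".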
Prion · added 2023/12/04 10:15 p.m. · 18 views

Design/Logic Flaw

The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php...

CVSS 4 · AI score 6.9 · EPSS 0.00475
Exploits 2 · References 1 · Affected software 1