46 matches found
EUVD-2022-51849
Malicious code in bioql PyPI...
EUVD-2024-32527
Malicious code in bioql PyPI...
EUVD-2023-33835
Malicious code in bioql PyPI...
CVE-2024-31245
Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2023-2337
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-4508
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
CVE-2024-3961 affects the ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages WordPress plugin up to version 2.4.9. The vulnerability arises from a missing capability check in the tag_subscriber function, enabling unauthenticated attackers to subscribe users to tags, pot...
WordPress plugin ConvertKit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-28551 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress versions up to, and including, 2.4.9 Description: The issue is related to a missing capability check on the tag subscriber function, allowi...
WordPress ConvertKit plugin <= 2.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 1337Wannabe in WordPress Plugin ConvertKit versions = 2.4.9...
WordPress ConvertKit Plugin <= 2.4.9 is vulnerable to Broken Access Control
Software ConvertKit Type Plugin Vulnerable versions = 2.4.9 Fixed in 2.4.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3961 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 776377354ccc Credits 1337Wannabe Required privilege...
ConvertKit < 2.4.6 - Unauthenticated Sensitive Information Exposure
Description The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.5 via log files. This makes it possible for unauthenticated attackers to extract sensitive...
CVE-2024-31245
Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5...
CVE-2024-31245
Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5...
CVE-2024-31245
CVE-2024-31245 is an unauthenticated Information Exposure vulnerability in ConvertKit (WordPress plugin) affecting versions up to 2.4.5. The issue involves insertion of sensitive information into log files, with confidentiality impact rated High. Exploitation details are not provided in the suppl...