32 matches found
EUVD-2019-6774
Malware in sbrugna...
EUVD-2024-51751
Malicious code in bioql PyPI...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
📄 WordPress ConvertPlus 3.5.30 Denial of Service
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the cp_dismiss_notice AJAX endpoint in all versions up to, and including, 3.5.30. CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The CVE-2024-13800 entry concerns the WordPress ConvertPlus plugin. A missing capability check on the cp_dismiss_notice AJAX endpoint allows authenticated users with Subscriber-level access and above to perform unauthorized modifications of data, enabling updates to option values (to '1') that ca...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
WordPress plugin ConvertPlus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress ConvertPlus plugin <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Lucio Sá in WordPress Plugin ConvertPlus versions <= 3.5.30...
CVE-2024-4838
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...
CVE-2024-4838 ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...
CVE-2024-4838
CVE-2024-4838 - ConvertPlus (WordPress) : A PHP Object Injection exists in all versions up to 3.5.26 via deserialization of untrusted input from the settings_encoded attribute of the smile_modal shortcode. Exploitation requires at least contributor-level authentication; there is no POP chain by d...
WordPress ConvertPlus plugin <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by haidv35 in WordPress Plugin ConvertPlus versions <= 3.5.26...
WordPress Plugin ConvertPlus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress ConvertPlus Plugin <= 3.5.26 is vulnerable to PHP Object Injection
Software ConvertPlus Type Plugin Vulnerable versions <= 3.5.26 Fixed in 3.5.26.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4838 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a94dcf4ccf5a Credits haidv35 Required privilege Contributo...
ConvertPlus < 3.5.26.1 - Authenticated (Contributor+) PHP Object Injection
Description The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...
WordPress ConvertPlug plugin <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by M.Awad in WordPress Plugin ConvertPlus versions <= 3.5.25...