16 matches found
EUVD-2019-6774
Malware in sbrugna...
EUVD-2024-51751
Malicious code in bioql PyPI...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-4838
CVE-2024-4838 - ConvertPlus (WordPress): A PHP Object Injection exists in all versions up to 3.5.26 via deserialization of untrusted input from the settings_encoded attribute of the smile_modal shortcode. Exploitation requires at least contributor-level authentication; there is no POP chain by d...
WordPress ConvertPlus Plugin <= 3.5.26 is vulnerable to PHP Object Injection
Software: ConvertPlus | Type: Plugin | Vulnerable versions: = 3.5.26 | Fixed in: 3.5.26.1 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-4838 | Patch priority: Medium | CVSS severity: Medium 7.5 | PSID: a94dcf4ccf5a | Credits: haidv35 | Required privilege: Contributo...
WordPress Plugin ConvertPlus Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress ConvertPlus Plugin Input Validation Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ConvertPlus is a popup plugin used in it. A security vulnerability exists in WordPress ConvertPlus plugin versions prior to 3.4.5. No...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
Cross-site request forgery (CSRF)
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...