1956 matches found
CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection
The WP Data Access – App, Table, Form and Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'orderuserlogindir' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
WordPress plugin NEX-Forms SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A SQL injection...
CVE-2024-10797 Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure
The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...
PT-2024-16892 · WordPress · Page Restriction Wordpress
Name of the Vulnerable Software and Affected Versions: Page Restriction WordPress WP – Protect WP Pages/Post plugin versions up to, and including, 1.3.6 Description: The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as...
CVE-2024-11912 Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2024-12061 Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
CVE-2024-12061
The CVE CVE-2024-12061 affects the Events Addon for Elementor (WordPress) with Information Exposure in versions up to 2.2.3 via the naevents_elementor_template shortcode. The issue stems from insufficient restrictions on which posts can be included, enabling authenticated attackers with Contribut...
WordPress plugin Collapsing Categories SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Simple Page Access Restriction Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2024-11711
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-11711
CVE-2024-11711 affects the WP Job Portal – A Complete Recruitment System for WordPress plugin. Connected sources document an unauthenticated SQL Injection via the resumeid parameter in all versions up to 2.2.1 due to insufficient escaping and lack of proper SQL query preparation, enabling an atta...
CVE-2024-12578
CVE-2024-12578 affects the Tickera – WordPress Event Ticketing plugin for WordPress. The vulnerability is an information disclosure via the unprotected tickera_tickets_info endpoint, allowing unauthenticated access to sensitive booking data (full names, email addresses, check-in/out timestamps, a...
CVE-2024-12578 Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema...
WordPress plugin WP Job Portal SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2019-25221
CVE-2019-25221 affects the WordPress plugin Responsive Filterable Portfolio (versions ≤ 1.0.8). Root cause: insufficient escaping and lack of prepared statements in the SQL query, via the id parameter, enabling unauthenticated SQL injection to extract DB data. Evidence indicates the vendor patche...
CVE-2024-11181 Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wpreusablerender' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticate...
UBUNTU-CVE-2024-47546
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction...
WordPress plugin SQL Chart Builder SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...