1956 matches found

CNNVD
added 2024/12/12 12:0 a.m. · 2 views

WordPress plugin Accept Stripe Payments Using Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Accept...

CVSS 5.3 · AI score 8 · EPSS 0.00493
Exploits: 1 · References: 2

NVD
added 2024/12/11 11:15 a.m. · 8 views

CVE-2024-12294

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks ...

CVSS 5.3 · EPSS 0.00396
Exploits: 0 · References: 3

CVE
added 2024/12/11 10:57 a.m. · 53 views

CVE-2024-12294

CVE-2024-12294 — The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure via get_legacy_cookies, affecting all versions up to 1.0.1. Unauthenticated attackers can obtain titles and permalinks of private, password-protected, pending, and draft posts...

CVSS 5.3 · AI score 6.8 · EPSS 0.00396
Exploits: 0 · References: 3

NVD
added 2024/12/10 11:15 a.m. · 8 views

CVE-2024-11106

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

CVSS 5.3 · EPSS 0.00367
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/07 9:27 a.m. · 7 views

CVE-2024-12270 Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection

The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects0term' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 7.5 · AI score 7.7 · EPSS 0.03487
Exploits: 1 · References: 3

OSV
added 2024/12/06 10:15 a.m. · 5 views

CVE-2024-11728

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · AI score 5.8 · EPSS 0.13262
Exploits: 2 · References: 2

NVD
added 2024/12/06 9:15 a.m. · 6 views

CVE-2024-10692

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 · EPSS 0.00288
Exploits: 0 · References: 2

Cvelist
added 2024/12/06 8:24 a.m. · 16 views

CVE-2024-10692 PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 · EPSS 0.00288
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/06 3:25 a.m. · 8 views

CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection

The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 7.2 · AI score 7.3 · EPSS 0.00511
Exploits: 0 · References: 4

Positive Technologies
added 2024/12/06 12:0 a.m. · 8 views

PT-2024-17216 · WordPress · Kivicare

Name of the Vulnerable Software and Affected Versions: KiviCare – Clinic & Patient Management System EHR plugin for WordPress versions up to, and including, 3.6.4 Description: The issue concerns a SQL Injection vulnerability via the visit typeservice id parameter of the "tax calculated data" AJAX...

CVSS 7.5 · AI score 9.4 · EPSS 0.13262
Exploits: 2 · References: 12

Spring Security Advisories
added 2024/12/05 12:0 a.m. · 9 views

Audio Multimodality: Expanding AI Interaction with Spring AI and OpenAI

This blog post is co-authored by our great contributor Thomas Vitale. OpenAI provides specialized models for speech-to-text and text-to-speech conversion, recognized for their performance and cost-efficiency. Spring AI integrates these capabilities via Voice-to-Text and Text-to-Speech TTS. The ne...

AI score 7.1
Exploits: 0

NVD
added 2024/12/04 9:15 a.m. · 10 views

CVE-2024-10787

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVSS 4.3 · EPSS 0.0031
Exploits: 0 · References: 2

Cvelist
added 2024/12/04 3:37 a.m. · 25 views

CVE-2024-12099 Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure

The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 · EPSS 0.00273
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/04 12:0 a.m. · 6 views

PT-2024-16546 · WordPress · La-Studio Element Kit

Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions 1.4.4 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private and draft posts created by Elemento...

CVSS 4.3 · AI score 9.1 · EPSS 0.0031
Exploits: 0 · References: 7

NVD
added 2024/11/28 10:15 a.m. · 31 views

CVE-2024-10798

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...

CVSS 4.3 · EPSS 0.00377
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/28 9:47 a.m. · 11 views

CVE-2024-10780 Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure

The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurantelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 · AI score 6.8 · EPSS 0.00377
Exploits: 0 · References: 2

CVE
added 2024/11/28 9:47 a.m. · 61 views

CVE-2024-10780

CVE-2024-10780 concerns the WordPress plugin “Restaurant & Cafe Addon for Elementor.” Affected versions are

CVSS 4.3 · AI score 4.4 · EPSS 0.00377
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/11/28 12:0 a.m. · 8 views

PT-2024-16540 · WordPress · The Restaurant & Cafe Addon For Elementor

Name of the Vulnerable Software and Affected Versions: The Restaurant & Cafe Addon for Elementor plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

CVSS 4.3 · AI score 9.2 · EPSS 0.00377
Exploits: 0 · References: 6

Positive Technologies
added 2024/11/28 12:0 a.m. · 5 views

PT-2024-16557 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1003 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

CVSS 4.3 · AI score 7 · EPSS 0.00377
Exploits: 0 · References: 6

Vulnrichment
added 2024/11/23 3:25 a.m. · 12 views

CVE-2024-10868 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

CVSS 4.3 · AI score 6.6 · EPSS 0.00433
Exploits: 0 · References: 3