485 matches found
WordPress plugin BuddyPress Groups Extras Cross-Site Request Forgery vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-5389 · Slaffik · Buddypress Groups Extras
Name of the Vulnerable Software and Affected Versions: slaFFik BuddyPress Groups Extras versions 3.6.10 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) problem, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attac...
WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Marek Mikita in WordPress Plugin BuddyPress Groups Extras versions <= 3.6.10...
Medium: python38
Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC 2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...
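The Python issue above is a lenient parser picking the wrong span of a header as the addr-spec, which is what lets a sender allow-list be bypassed. The block below is an added example, not code from the Python project or from this advisory: it wraps email.utils.parseaddr() in a second check that rejects the header whenever anything address-like or an unbalanced delimiter remains outside the parsed address, so the outcome is the same whether or not the interpreter carries the fix. The function names extract_sender and is_allowed_sender, the restricted addr-spec pattern and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from typing import Optional, Set

# Conservative addr-spec shape: one local part, one '@', a dotted domain.
# Deliberately stricter than RFC 5322 (no quoted local parts, no domain
# literals): the goal is to reject anything a lenient parser may have
# mis-split, not to accept every legal address. (Assumed policy.)
ADDR_SPEC = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def extract_sender(header: str) -> Optional[str]:
    """Return the single addr-spec in an address header, or None if the
    header is ambiguous. parseaddr() alone must not drive an allow-list."""
    _, addr = parseaddr(header)
    if not addr or not ADDR_SPEC.fullmatch(addr):
        return None
    # Whatever parseaddr() chose, the remainder of the header must not hold
    # another address-like token or unbalanced delimiters. A lenient parser
    # may return the first plausible addr-spec and silently drop the rest,
    # which is exactly how a sender filter gets bypassed.
    rest = header.replace(addr, "", 1)
    if "@" in rest or "[" in rest or "]" in rest:
        return None
    if rest.count("<") != rest.count(">"):
        return None
    return addr


def is_allowed_sender(header: str, allowed_domains: Set[str]) -> bool:
    """Example policy check: exactly one unambiguous addr-spec whose domain
    is on the allow-list (hypothetical policy, not from the advisory)."""
    addr = extract_sender(header)
    if addr is None:
        return False
    return addr.rsplit("@", 1)[1].lower() in allowed_domains


# Constructed sample headers (not taken from any real mail).
SAMPLES = {
    "Alice <alice@example.org>": "alice@example.org",
    "alice@example.org": "alice@example.org",
    # trailing junk followed by a second address: reject regardless of
    # which address parseaddr() happens to return
    "alice@example.org]<bob@attacker.example>": None,
    "Bob <bob@attacker.example> alice@example.org": None,
    "<alice@example.org": None,  # unbalanced angle bracket
}

if __name__ == "__main__":
    for hdr, expected in SAMPLES.items():
        got = extract_sender(hdr)
        print(f"{hdr!r:50} -> {got!r}")
        assert got == expected
```

The check is intentionally conservative: a display name that itself contains "@" or square brackets is rejected rather than parsed, because in a filter the cost of a false rejection is a bounced message, while the cost of a false accept is the bypass the advisory describes.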
Important: redis
Issue Overview: Denial of service due to unbounded pattern matching (CVE-2024-31228); Lua library commands may be exploited by an authenticated user to achieve remote code execution (CVE-2024-31449). Affected Packages: redis. Note: This advisory is applicable to Amazon Linux 2 - Redis6 Extra. Visit this...
Medium: runc
Issue Overview: The various Is methods (IsPrivate, IsLoopback, etc.) of Go's net/netip package did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms (CVE-2024-24790). Affected Packages: runc. Note: This advisory is applicable to Amazon Linu...
Medium: oci-add-hooks
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
Low: cups
Issue Overview: An Incorrect Default Permissions vulnerability in the packaging of cups in SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9, openSUSE Leap 15.2 and Factory allows local attackers with control of the lp user to create files as root with...
Malicious code in attribute-normalizer-extras (RubyGems)
MAL-2024-6719 Malicious code in attribute-normalizer-extras (RubyGems)
Important: unbound
Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...
OPENSUSE-SU-2024:10497-1 kio-extras5-16.12.0-1.1 on GA media
These are all security issues fixed in the kio-extras5-16.12.0-1.1 package on the GA media of openSUSE Tumbleweed...
Fedora: Security Advisory for qt5-qtx11extras (FEDORA-2024-2e27372d4c)
The remote host is missing an update for the qt5-qtx11extras package(s) announced via the FEDORA-2024-2e27372d4c advisory...
PT-2024-26899 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions 1.3.0 through 1.6.22; Nautobot versions 2.0.0 through 2.2.4. Description: A user with the extras.view_dynamicgroup permission can use the Dynamic Group detail UI view (/extras/dynamic-groups//) and/or the members REST API view...
Cross Site Scripting (XSS)
phpxmlrpc/extras is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate input validation in the documenting XML-RPC server class when processing the GET methodName parameter, which allows attackers to execute malicious scripts in the context of the user's browser,...
WordPress Toolbar Extras for Elementor & More plugin <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Toolbar Extras for Elementor & More versions <= 1.4.9...
WordPress Toolbar Extras for Elementor & More Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)
Software: Toolbar Extras for Elementor & More · Type: Plugin · Vulnerable versions: <= 1.4.9 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-3611 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: 4fce580ecf65 · Credits...
WordPress plugin Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; the WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Toolbar Extras...
PT-2024-40512 · Unknown · Phpxmlrpc/Extras
Name of the Vulnerable Software and Affected Versions: phpxmlrpc/extras versions prior to 0.6.1. Description: The issue exists within the documenting XML-RPC server class when processing the methodName parameter in GET requests, specifically through the API endpoint, allowing for a Cross-Site...
PT-2024-15301 · Google · Android
Name of the Vulnerable Software and Affected Versions: UserManagerService.java, affected versions not specified. Description: The issue is related to improper input validation in multiple methods of UserManagerService.java, which could lead to a failure to persist or enforce user restrictions. This...