WordPress Plugin WP Umbrella: Update Backup Restore & Monitoring Local File Inclusion Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A local file inclusion vulnerability exists in the WordPress plugin WP Umbrella: Update Backup Restore &...
CVE-2024-55579
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14,...
CVE-2024-12209
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...
CVE-2024-12209 WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...
PT-2024-16699 · WordPress · Fileorganizer
Name of the Vulnerable Software and Affected Versions: FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary file...
CVE-2024-10516 Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2024-9669 File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2024-10873
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the loadtemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitra...
WordPress plugin Chartify – WordPress Chart Plugin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-16374 · WordPress · Chartify
Name of the Vulnerable Software and Affected Versions: The Chartify – WordPress Chart Plugin versions up to, and including, 2.9.5 Description: The issue is related to Local File Inclusion, allowing unauthenticated attackers to include and execute arbitrary files on the server via the source...
WordPress plugin Category Ajax Filter Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
Chatwork Desktop Application (Windows) uses a potentially dangerous function
Overview: Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with use of a potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application. RyotaK of Flatt Security Inc. directly reported this vulnerability to t...
CVE-2024-45398
Contao CMS vulnerability: a back-end user with file-manager access can upload and execute malicious files on the server, enabling remote command execution. Affected range includes Contao 4.x up to 4.13.48, 5.x up to 5.4.2. Remediation recommended by advisories is to upgrade to Contao 4.13.49, 5.3...
IBM webMethods Integration Multiple Vulnerabilities
RISK EVALUATION: IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files. 2. RECOMMENDED PRACTICES: Install webMethods Integration Corefix...
CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...
CVE-2024-43882
CVE-2024-43882 is a Linux kernel race condition (ToCToU) in the exec path: permission checks for a file are done at do_filp_open(), but the metadata (mode/UID/GID) used later in execve() can be changed before execution, enabling potential root privilege escalation. The issue is exploitable in scenari...
CVE-2024-7145 JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progresstype' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
PT-2024-38109 · WordPress · Jettabs For Elementor
Name of the Vulnerable Software and Affected Versions: JetTabs for Elementor plugin for WordPress versions up to and including 2.2.3 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server via the switcher...
PT-2024-37086 · WordPress · Wpbakery Visual Composer
Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer plugin for WordPress versions up to, and including, 7.7 Description: The issue allows authenticated attackers with Author-level access and above, and with post permissions granted by an Administrator, to include and...