CVE-2024-9270
CVE-2024-9270 affects the Lenxel Core LMS (Lenxel Core) WordPress plugin prior to 1.2.3, which is vulnerable to Stored XSS via SVG file uploads due to insufficient input sanitization and output escaping. Affected versions up to 1.1 allow an authenticated attacker (Author+ level) to inject scripts in page...
WordPress plugin WordPress User Extra Fields code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
RLSA-2024:8842 Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
CVE-2024-10325
CVE-2024-10325 affects Elementor Header & Footer Builder (Ultimate Addons for Elementor) for WordPress. Desktop/REST SVG File Uploads allow Stored XSS due to insufficient input sanitization and output escaping in SVG handling. Affected versions: up to 1.6.45. Exploitation requires authentication ...
PT-2024-16421
Name of the Vulnerable Software and Affected Versions WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7 Description The issue is related to arbitrary file uploads due to missing file type validation in the ajax manage file chunk upload function. This allow...
Vulnerability of the handle_imageUpload() function in the plugin for creating customizable content based on artificial intelligence (AI), The Complete AI Pack, for the WordPress content management system allows attackers to execute arbitrary code.
The vulnerability of the handle_imageUpload() function in the plugin for creating customizable content based on artificial intelligence (AI), The Complete AI Pack, for the WordPress content management system involves unrestricted upload of files of dangerous types. Exploiting this vulnerability...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2024-8614
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchwphandleupload function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-8615
CVE-2024-8615 concerns the JobSearch WP Job Board WordPress plugin. The Red Hat advisory and Wordfence report confirm a flaw in missing file type validation in the function jobsearch_location_load_excel_file_callback(), across all versions up to and including 2.6.7. This allows unauthenticated at...
CVE-2024-9307
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...
CVE-2024-9307 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...
CVE-2024-9178
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-9443
The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-9443
CVE-2024-9443 affects the Basticom Framework WordPress plugin. It enables Stored Cross-Site Scripting via SVG uploads due to insufficient input sanitization and output escaping. Attack requires Author-level access or higher and can inject scripts that execute when a user loads the SVG. The vulner...
ALSA-2024:8842 Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
Tenda i22 code issue vulnerability
The Tenda i22 is a wireless access point from Tenda China. A code issue vulnerability exists in the Tenda i22 that stems from improper handling of the Content-Length parameter, resulting in a null pointer dereference. An attacker can exploit this vulnerability to upload arbitrary files...
WordPress plugin Stacks Mobile App Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...