3 matches found
WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification vulnerability
WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Coupon Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...
WordPress WP All Import plugin <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload vulnerability
Authenticated Admin+ Limited Unsafe File Upload vulnerability discovered by Nguyen Quang Truong Roll in WordPress Plugin WP All Import versions = 3.9.3...
DEBIAN-CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...