20 matches found
CVE-2026-25796 ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSTEGANOImage (coders/stegano.c), the watermark Image object is not freed on three early-return paths, resulting in a definite memory leak 13.5KB+ per...
WordPress Pro Bulk Watermark plugin path traversal vulnerability
WordPress Pro Bulk Watermark plugin is an image watermark plugin designed for WordPress websites, mainly used to add custom watermarks to uploaded images in bulk, supporting text and image watermark types. A path traversal vulnerability exists in WordPress Pro Bulk Watermark plugin, which can be...
CVE-2024-1994
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above...
WordPress Image Watermark plugin <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Watermark Modification vulnerability discovered by Lucio Sá in WordPress Plugin Image Watermark versions <= 1.7.3...
WordPress Image Watermark Plugin <= 1.7.3 is vulnerable to Broken Access Control
Software: Image Watermark; Type: Plugin; Vulnerable versions: <= 1.7.3; Fixed in: 1.7.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1994; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 790ca7ba3a40; Credits: Lucio Sá; Required privilege...
CVE-2024-1994
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-1994
CVE-2024-1994 affects the Image Watermark WordPress plugin; due to a missing capability check in watermark_action_ajax(), authenticated users with subscriber level access and higher can apply or remove watermarks in all versions up to 1.7.3. Impact: data modification (watermarking) of images. Aff...
CVE-2024-1994 Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-1994 Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above...
WordPress Plugin Image Watermark security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-18482 · WordPress · Image Watermark
Name of the Vulnerable Software and Affected Versions: Image Watermark plugin for WordPress versions up to, and including, 1.7.3 Description: The issue is related to a missing capability check on the watermark action ajax function, allowing authenticated attackers with subscriber-level access and...
Image Watermark < 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
Description: The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2022-4888
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...
PT-2023-15899 · WordPress · Checkout Fields Manager +12
Name of the Vulnerable Software and Affected Versions: Checkout Fields Manager WordPress plugin versions prior to 1.0.2 Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5 Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4 Custom Order Number WordPress plugin...
WordPress Product Image Watermark for Woo Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Product Image Watermark for Woo; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 75275bbab7e3; Credits: Rafie Muhammad...
WordPress plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality
An unprivileged user could use the functionality of the plugin to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. Search for a vulnerable domain with the dork:...
WordPress Product Image Watermark for Woo plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Image Watermark for Woo plugin versions <= 1.0.3. Solution: Update the WordPress Product Image Watermark for Woo plugin to the latest available version (at least 1.0.4)...
WordPress Product Image Watermark for Woo plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Product Image Watermark for Woo plugin versions <= 1.0.3. Solution: Update the WordPress Product Image Watermark for Woo plugin to the latest available version (at least 1.0.4)...
CVE-2019-9692
class.showtime2image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension GIF, JPG, JPEG, or PNG...