33 matches found
Canon Multiple Products Security Vulnerability
Canon imagePRESS and other products are manufactured by Canon, a Japanese company. The Canon imagePRESS is a series of color production digital printing machines. The Canon imageFORCE is a series of color digital printers. The Canon imageRUNNER is a series of color digital printers. Several of...
EUVD-2024-50145
Malicious code in bioql PyPI...
EUVD-2024-50106
Malicious code in bioql PyPI...
EUVD-2024-50105
Malicious code in bioql PyPI...
CVE-2024-9778
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...
CVE-2024-9824
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ipdeletepost' and 'ipupdateposttitle' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...
CVE-2024-9776
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress ImagePress plugin <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Michelle Porter in WordPress Plugin ImagePress versions <= 1.2.2...
WordPress ImagePress plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update vulnerability discovered by Michelle Porter in WordPress Plugin ImagePress versions <= 1.2.2...
WordPress ImagePress plugin <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 家桥 王 in WordPress Plugin ImagePress versions <= 1.2.2...
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: ImagePress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9824; Patch priority: Low; CVSS severity: Low 4.3; PSID: 664cdc394386; Credits: Michelle Porter; Required privilege...
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: ImagePress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9776; Patch priority: Low; CVSS severity: Low 5.9; PSID: 25140d2def61; Credits: 家桥 王; Required privilege...
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImagePress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-9778; Patch priority: Low; CVSS severity: Low 4.3; PSID: 64726d176639; Credits: Michelle Porter; Required...
CVE-2024-9776
CVE-2024-9776 refers to a stored cross-site scripting vulnerability in the WordPress plugin ImagePress – Image Gallery (versions
CVE-2024-9776 ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...