25 matches found
EUVD-2023-33677
Malicious code in bioql PyPI...
EUVD-2024-16577
Malicious code in bioql PyPI...
CVE-2024-1181
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUESTURI to determine if the page being accesses is an admin area. This makes it...
CVE-2024-0789
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...
CVE-2023-2159
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...
CVE-2024-0789 WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...
CVE-2024-1181
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUESTURI to determine if the page being accesses is an admin area. This makes it...
CVE-2024-1181 Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUESTURI to determine if the page being accesses is an admin area. This makes it...
CVE-2024-1181 Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUESTURI to determine if the page being accesses is an admin area. This makes it...
Coming Soon, Under Construction & Maintenance Mode By Dazzler < 2.1.3 - Maintenance Mode Bypass
Description The plugin is vulnerable to maintenance mode bypass due to the plugin relying on the REQUESTURI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered...
CVE-2024-1075
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to...
Information disclosure
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to...
CVE-2024-1075 Minimal Coming Soon – Coming Soon Page <= 2.37 - Unauthenticated Maintenance Mode Bypass
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to...
CVE-2024-1075
CVE-2024-1075 affects the WordPress plugin Minimal Coming Soon – Coming Soon Page . The flaw permits unauthenticated maintenance mode bypass and information disclosure due to improper validation of the request path, affecting versions up to and including 2.37. The issue has been acknowledged by m...
WordPress plugin Minimal Coming Soon Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Manutenção < 1.0.7 - IP Spoofing to Maintenance Mode Bypass
Description The plugin is vulnerable to IP Spoofing due to insufficient validation of IP addresses, allowing unauthenticated attackers to bypass the plugin's maintenance mode restriction via the 'X-Forwarded-For' HTTP header...
CVE-2023-2897
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mo...
CVE-2023-2897 Brizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism Bypass
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mo...
CVE-2023-2159
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...
Default credentials
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...