585 matches found

OSV
added 2024/03/28 2:15 a.m. · 3 views

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...

4.3 CVSS · 7.2 AI score · 0.00215 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/03/27 12:0 a.m. · 4 views

PT-2024-18831 · WordPress · The Events Manager

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.1
Description: The issue is related to Stored Cross-Site Scripting via the physical location value due to insufficient input...

6.4 CVSS · 7.7 AI score · 0.0034 EPSS
Exploits 0 · References 8

Positive Technologies
added 2024/03/21 12:0 a.m. · 3 views

PT-2024-18124 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager plugin for WordPress versions up to, and including, 7.2.4
Description: The issue is due to missing or incorrect nonce validation on the wp file manager page that includes files through the lang parameter. This makes it possible f...

8.8 CVSS · 9.1 AI score · 0.10651 EPSS
Exploits 0 · References 11

Cvelist
added 2024/03/17 4:8 p.m. · 19 views

CVE-2024-24867 WordPress WP Stats Manager plugin <= 6.9.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics Real Time Traffic. This issue affects WP Visitor Statistics Real Time Traffic: from n/a through 6.9.4...

5.3 CVSS · 5.5 AI score · 0.00453 EPSS
Exploits 0 · References 1

CNNVD
added 2024/03/17 12:0 a.m. · 4 views

WordPress Plugin Frontend File Manager Plugin Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

7.5 CVSS · 6 AI score · 0.00453 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/03/13 3:26 p.m. · 14 views

CVE-2024-0614 Events Manager <= 6.4.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4 CVSS · 6.7 AI score · 0.00685 EPSS
Exploits 1 · References 3

CNNVD
added 2024/03/13 12:0 a.m. · 3 views

WordPress Plugin WP Event Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.1 CVSS · 6.2 AI score · 0.00592 EPSS
Exploits 0 · References 4

Prion
added 2024/03/06 5:15 p.m. · 43 views

Cross-site request forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

6.6 AI score · 0.00318 EPSS
Exploits 0 · References 1

CVE
added 2024/03/06 5:2 p.m. · 88 views

CVE-2024-28159

CVE-2024-28159 affects Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier. The issue is a missing permission check in the plugin, allowing attackers with Item/Read permission to trigger a build via an HTTP endpoint. This is the core risk described across multiple sources (NVD/Red...

4.3 CVSS · 6.4 AI score · 0.00495 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/03/06 5:1 p.m. · 85 views

CVE-2024-28158

CVE-2024-28158 concerns a cross-site request forgery (CSRF) in the Jenkins Subversion Partial Release Manager Plugin (versions 1.0.1 and earlier). The issue, as described in the source documents, lets an attacker trigger a build by convincing an authenticated user to perform an action, due to CSR...

4.3 CVSS · 6.5 AI score · 0.00318 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/03/06 5:1 p.m. · 25 views

CVE-2024-28158

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

6.6 AI score · 0.00318 EPSS
Exploits 0 · References 2

Patchstack
added 2024/02/13 12:0 a.m. · 22 views

WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection

Software: Smart Manager · Type: Plugin · Vulnerable versions: 8.28.0 · Fixed in: 8.28.0 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2024-0566 · Patch priority: Low · CVSS severity: Low 7.6 · Developer: Claim ownership · PSID: c1d0448fde12 · Credits: Ivan Spiridonov · Required privilege: Administrator...

7.2 CVSS · 6.8 AI score · 0.03301 EPSS
Exploits 5 · References 4 · Affected Software 1

NVD
added 2024/02/12 4:15 p.m. · 27 views

CVE-2024-0566

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2 CVSS · 6.9 AI score · 0.03301 EPSS
Exploits 5 · References 1

OSV
added 2024/02/12 4:15 p.m. · 5 views

CVE-2024-0566

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2 CVSS · 5.8 AI score · 0.03301 EPSS
Exploits 5 · References 1

CNNVD
added 2024/02/12 12:0 a.m. · 5 views

WordPress Plugin Smart Manager SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

7.2 CVSS · 7.1 AI score · 0.03301 EPSS
Exploits 5 · References 4

Prion
added 2024/02/05 10:16 p.m. · 14 views

Design/Logic Flaw

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...

5 CVSS · 6.8 AI score · 0.01029 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2024/02/05 9:21 p.m. · 53 views

CVE-2024-0859

CVE-2024-0859: The Affiliates Manager WordPress plugin is affected by CSRF due to missing/incorrect nonce validation in ListAffiliatesTable.php (process_bulk_action). Affected versions are up to 2.9.34. Unauthenticated attackers can delete affiliates via forged requests if they trick an admin. CV...

4.3 CVSS · 5.2 AI score · 0.00312 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/02/05 9:21 p.m. · 3 views

CVE-2024-0761 File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...

8.1 CVSS · 7 AI score · 0.01029 EPSS
Exploits 0 · References 3

Cvelist
added 2024/02/05 9:21 p.m. · 30 views

CVE-2024-0761 File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...

8.1 CVSS · 8.1 AI score · 0.01029 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress plugin File Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.1 CVSS · 6.5 AI score · 0.01029 EPSS
Exploits 0 · References 4