CVE-2024-8624

CVE-2024-8624 affects the MDTF – Meta Data and Taxonomies Filter plugin for WordPress. Versions up to and including 1.3.3.3 are vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode due to insufficient escaping and preparation of the existing SQL query. Expl...

PT-2024-39139 · WordPress · Mdtf

Name of the Vulnerable Software and Affected Versions: MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.3 Description: The issue is related to SQL Injection via the meta key attribute of the mdf select title shortcode. This is due to insufficient...

PT-2024-39138 · WordPress · Mdtf

Name of the Vulnerable Software and Affected Versions: MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.3 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not proper...

WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin WP Meta SEO versions = 4.5.13...

CVE-2024-3679

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

CVE-2024-3679

CVE-2024-3679 : The Premium SEO Pack – WP SEO Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Exposure in all versions up to and including 1.6.001. Attackers can view limited information from password-protected posts via social meta data. According to the provided docu...

CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVE-2024-6264

The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$metakey’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-6264

CVE-2024-6264 in the WordPress plugin Post Meta Data Manager allows Stored Cross-Site Scripting via the '$meta_key' parameter in versions up to 1.2.3. Exploitation requires Contributor+ auth and occurs on pages with injected scripts; the attacker can cause script execution when users visit those ...

CVE-2024-6264 Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$metakey’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Post Meta Data Manager plugin <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Post Meta Data Manager versions = 1.2.3...

PT-2024-37494 · WordPress · Post Meta Data Manager

Name of the Vulnerable Software and Affected Versions: Post Meta Data Manager plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers...

WordPress Post Meta Data Manager Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6264 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a9e96c785e0 Credits Francesco Carlucc...

CVE-2024-32818

Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3...