345 matches found

CVE
added 2024/06/09 12:37 p.m. · 62 views

CVE-2024-32818

CVE-2024-32818 concerns the WordPress MDTF (Meta Data and Taxonomies Filter) plugin from realmag777. The vulnerability affects MDTF versions up to 1.3.3 (the Initial doc lists “from n/a through 1.3.3”). The connected Red Hat and ENISA entries corroborate a Missing Authorization issue in this plug...

CVSS 8.8 · AI score 4.6 · EPSS 0.00323
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/06/09 12:0 a.m. · 2 views

WordPress plugin WordPress Meta Data and Taxonomies Filter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 6.7 · EPSS 0.00323
Exploits 0 · References 2

Patchstack
added 2024/06/06 9:51 a.m. · 4 views

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability

Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions <= 4.0.1...

AI score 6.9 · EPSS 0.00294
Exploits 0 · Affected Software 1

OSV
added 2024/05/17 9:15 a.m. · 2 views

CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVSS 6.5 · AI score 5.8 · EPSS 0.00284
Exploits 0 · References 1

NVD
added 2024/05/17 9:15 a.m. · 16 views

CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVSS 6.5 · AI score 6.9 · EPSS 0.00284
Exploits 0 · References 1

Cvelist
added 2024/05/17 8:11 a.m. · 16 views

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVSS 6.5 · AI score 6.9 · EPSS 0.00284
Exploits 0 · References 1

Positive Technologies
added 2024/05/17 12:0 a.m. · 4 views

PT-2024-25888 · WordPress · Wordpress Meta Data/Taxonomies Filter

Name of the Vulnerable Software and Affected Versions: WordPress Meta Data and Taxonomies Filter MDTF versions 1.3.3.2 and earlier
Description: The issue is related to an Incorrect Authorization vulnerability, allowing Code Inclusion and Functionality Misuse.
Recommendations: For WordPress Meta...

CVSS 6.5 · AI score 6.4 · EPSS 0.00284
Exploits 0 · References 6

CNNVD
added 2024/05/17 12:0 a.m. · 1 views

WordPress plugin WordPress Meta Data and Taxonomies Filter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 6.6 · EPSS 0.00284
Exploits 0 · References 2

Cvelist
added 2024/05/09 8:3 p.m. · 77 views

CVE-2024-4605 Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution

The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributor...

CVSS 8.8 · AI score 9.6 · EPSS 0.00902
Exploits 0 · References 2

Patchstack
added 2024/05/03 11:6 a.m. · 2 views

WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin MDTF versions <= 1.3.3.2...

CVSS 6.5 · AI score 7.1 · EPSS 0.00284
Exploits 0 · Affected Software 1

NVD
added 2024/05/02 5:15 p.m. · 15 views

CVE-2024-0613

The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajaxdeletefield function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

CVSS 6.1 · AI score 5.9 · EPSS 0.00183
Exploits 0 · References 2

Cvelist
added 2024/05/02 4:52 p.m. · 20 views

CVE-2024-0613 Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion

The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajaxdeletefield function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

CVSS 6.1 · AI score 6.1 · EPSS 0.00183
Exploits 0 · References 2

Cvelist
added 2024/04/26 9:3 p.m. · 17 views

CVE-2024-32883 MCUboot Injection attack of unprotected TLV values

MCUboot is a secure bootloader for 32-bit microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the metadata associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...

CVSS 7.7 · AI score 7.9 · EPSS 0.00116
Exploits 0 · References 1

CVE
added 2024/04/26 9:3 p.m. · 47 views

CVE-2024-32883

MCUboot is affected by an issue where unprotected TLV entries can be injected into a signed image, because the protected/unprotected TLV distinction is not enforced. This can allow an attacker to influence dependency indications or boot records, potentially causing a processed image to be rejecte...

CVSS 7.7 · AI score 7.1 · EPSS 0.00116
Exploits 0 · References 1

OSV
added 2024/04/18 5:15 p.m. · 16 views

SUSE-SU-2024:1345-1 Security update for tomcat

This update for tomcat fixes the following issues:
- CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream bsc1221386
- CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open bsc1221385
Other fixes:
- Update to Tomcat 9.0.87...

CVSS 7.5 · AI score 7.7 · EPSS 0.23072
Exploits 1 · References 5

NVD
added 2024/04/09 7:15 p.m. · 32 views

CVE-2024-0872

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

CVSS 4.3 · AI score 4.3 · EPSS 0.005
Exploits 0 · References 2

Vulnrichment
added 2024/04/09 6:59 p.m. · 11 views

CVE-2024-0872 Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

CVSS 4.3 · AI score 7.2 · EPSS 0.005
Exploits 0 · References 2

Cvelist
added 2024/04/09 6:59 p.m. · 37 views

CVE-2024-0872 Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

CVSS 4.3 · AI score 4.6 · EPSS 0.005
Exploits 0 · References 2

CVE
added 2024/04/09 6:59 p.m. · 50 views

CVE-2024-0872

CVE-2024-0872 affects the Watu Quiz WordPress plugin. All versions up to 3.4.1 are vulnerable via the watu-userinfo shortcode, allowing authenticated attackers with contributor-level access and above to access sensitive user metadata (including session tokens and emails). The provided documents d...

CVSS 4.3 · AI score 9 · EPSS 0.005
Exploits 0 · References 2 · Affected Software 1

WPVulnDB
added 2024/04/04 12:0 a.m. · 14 views

Watu Quiz < 3.4.1.1 - Sensitive Information Disclosure

Description: The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta...

CVSS 4.3 · AI score 5.3 · EPSS 0.005
Exploits 0 · References 1 · Affected Software 1