345 matches found
[SECURITY] Fedora 40 Update: reflections-0.9.12-17.fc40
A Java run-time meta-data analysis, in the spirit of Scannotations. Reflections scans your class-path, indexes the meta-data, allows you to query it on run-time and may save and collect that information for many modules within your project. Using Reflections you can query your meta-data such as: g...
WordPress Plugin JM Twitter Cards Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an...
PT-2024-18290 · WordPress · Jm Twitter Cards
Name of the Vulnerable Software and Affected Versions: JM Twitter Cards plugin for WordPress versions up to, and including, 12. Description: The issue allows unauthenticated attackers to view password protected post content when viewing the page source, due to Information Exposure via the meta...
Meta Data and Taxonomies Filter Plugin for WordPress < 1.3.1 Cross-Site Scripting
The WordPress Meta Data and Taxonomies Filter Plugin installed on the remote host is affected by an authenticated reflected Cross-Site Scripting (XSS) due to an incorrect usage of the core function esc_html. Note that the scanner has not tested for these issues but has instead relied only on the...
SEO Panel Security Breach
SEO Panel is an open source panel for managing website SEO (Search Engine Optimization). A security vulnerability exists in SEO Panel version 4.10.0, which stems from a stored server-side request forgery vulnerability in the Crawl Meta Data feature that allows remote attackers to scan ports in t...
PT-2024-19521 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.10.0. Description: A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality. This makes it possible for remote attackers to scan ports in the local environment. Recommendations: For SEO Panel version 4.10.0,...
PT-2023-35668 · Rawspeed · Rawspeed
Name of the Vulnerable Software and Affected Versions: rawspeed (affected versions not specified). Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the parseWhiteBalance function within DngDecoder, which is part of the rawspeed library...
CVE-2023-5776
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for...
WordPress Plugin Post Meta Data Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Post Meta Data Manager; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5776; Patch priority: Low; CVSS severity: Low (4.3); PSID: be22b4c7158e; Credits: Francesco...
The vulnerabilities of the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions of the WordPress Content Management Plugin, Post Meta Data Manager, allow a malicious user to delete arbitrary user metadata.
The vulnerabilities of the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions of the WordPress Content Management Plugin, Post Meta Data Manager, are related to incorrect authentication procedures. Exploiting these vulnerabilities could allow a malicious actor to...
CVE-2023-5426
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for...
CVE-2023-5426
CVE-2023-5426 affects the WordPress plugin Post Meta Data Manager (versions ≤ 1.2.0). A missing capability check in functions pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta allows unauthenticated attackers to delete user, term, and post meta belonging to arbitrar...
CVE-2023-5426 Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for...
WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software: Post Meta Data Manager; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5425; Patch priority: High; CVSS severity: High (8.8); PSID: 1def5cff52bd; Credits: Francesco Carlucci...
WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software: Post Meta Data Manager; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5426; Patch priority: Medium; CVSS severity: Medium (7.5); PSID: a003d34ca1b2; Credits: Francesco Carlucc...
WordPress Meta Data and Taxonomies Filter Plugin < 1.3.1 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pluginus:wordpressmetadataandtaxonomiesfilter"; ifdescriptio...
CVE-2021-4419
The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the inosavedata function. This makes it possible for unauthenticated attackers to save meta data via a forged...
Cross site request forgery (csrf)
The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the inosavedata function. This makes it possible for unauthenticated attackers to save meta data via a forged...
CVE-2021-4419 WP-Backgrounds Lite <= 2.3 - Cross-Site Request Forgery Bypass
The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the inosavedata function. This makes it possible for unauthenticated attackers to save meta data via a forged...