258 matches found
CVE-2024-3947
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodosettings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via ...
CVE-2024-2038
CVE-2024-2038 affects the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin. The vulnerability arises from hardcoded credentials used to authenticate all incoming API requests, enabling unauthorized access. Exploitation allows unauthenticated attackers to modif...
PT-2024-18654 · WordPress · Atarim
Name of the Vulnerable Software and Affected Versions: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress versions up to, and including, 3.22.6 Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests...
CVE-2024-34707
CVE-2024-34707 affects Nautobot where an admin user can modify BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN via the /admin/constance/config/ endpoint, enabling insertion of arbitrary HTML and potentially stored XSS across Nautobot pages. Multiple connected sources confirm this risk and describe th...
CVE-2024-28327
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings...
CVE-2024-28325
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings...
ASUS RT-N12 security vulnerability
ASUS RT-N12 is a router from Asus China. A security vulnerability exists in the ASUS RT-N12+ B1 that originates from storing user passwords in clear text, which could allow a local attacker to gain unauthorized access and modify router settings...
PT-2024-4583 · Asus · Asus Rt-N12+ B1
Name of the Vulnerable Software and Affected Versions: ASUS RT-N12+ B1 router version not specified Description: The issue is related to insufficient protection of registration data in the router's firmware, allowing local attackers to obtain unauthorized access to protected information. The rout...
CVE-2024-28327
CVE-2024-28327 affects Asus RT-N12+ B1 router. The root cause is that the device stores user passwords in plaintext, enabling local attackers to obtain unauthorized access and modify router settings. Documented impact is high (local access, confidentiality/integrity/availability at risk). Publicl...
DRUPAL-CONTRIB-2024-017
Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. This module doesn't sufficiently protect...
CVE-2024-1042
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...
CVE-2024-2326
The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possibl...
Default configuration
Incorrect default permission in AppLock prior to SMR Mar-2024 Release 1 allows local attackers to configure AppLock settings...
PT-2024-18738 · Applock · Applock
Name of the Vulnerable Software and Affected Versions: AppLock versions prior to SMR Mar-2024 Release 1 Description: The issue is related to an incorrect default permission in AppLock, allowing local attackers to configure AppLock settings. This could potentially lead to unauthorized access or...
PT-2024-19138 · Netapp · Storagegrid
Name of the Vulnerable Software and Affected Versions: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 Description: The issue is a difficult-to-exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploitation requires the attacker to know specific information abo...
Rockwell FactoryTalk Services Platform < 6.40 Authentication Bypass
The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is prior to 6.40. It is, therefore, affected by a vulnerability. - A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and u...
CVE-2023-6843
The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings...
CVE-2023-6638
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings...
easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update
Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...