CVE-2024-25910

CVE-2024-25910 : WordPress plugin MoveTo (moveto)

CVE-2024-25910 WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

CVE-2024-25910 WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

PT-2024-21202 · Skymoonlabs · Skymoonlabs Moveto

Name of the Vulnerable Software and Affected Versions: Skymoonlabs MoveTo versions prior to 6.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for potential exploitation by injecting malicious SQ...

WordPress Plugin MoveTo SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin MoveTo suffers from a SQL...

CVE-2024-25913

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

CVE-2024-25913

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

CVE-2024-25913 WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

CVE-2024-25913 WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

CVE-2024-25913

CVE-2024-25913 concerns the WordPress plugin MoveTo by Skymoonlabs. Affected: MoveTo versions ≤ 6.2. Issue: Unrestricted Upload of File with Dangerous Type, enabling unauthenticated arbitrary file uploads. Impact is described as critical, with high confidentiality, integrity, and availability con...

PT-2024-21205 · Skymoonlabs · Skymoonlabs Moveto

Name of the Vulnerable Software and Affected Versions: Skymoonlabs MoveTo versions n/a through 6.2 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects Skymoonlabs MoveTo. This allows for the upload of files with potentially dangerous types withou...

WordPress Plugin Moveto Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update

Description The moveto plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, potentially leading to site...

MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion

Description The moveto plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, leading to site takeover...

WordPress MoveTo Plugin <= 6.2 is vulnerable to Denial of Service Attack

Software MoveTo Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Denial of Service Attack CVE CVE-2024-25911 Patch priority Medium CVSS severity Medium 8.6 Developer Claim ownership PSID fbded13be6d8 Credits Dave Jong Patchstack Required...

WordPress MoveTo Plugin <= 6.2 is vulnerable to Settings Change

Software MoveTo Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-25912 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b88d3d6ad2fe Credits Dave Jong Patchstack Required privilege...

WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

Software MoveTo Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-25913 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 08fbe7e305e7 Credits Dave Jong Patchstack Required privilege Unauthenticat...

WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection

Software MoveTo Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25910 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 376a551a56e9 Credits Dave Jong Patchstack Required privilege Unauthenticated...

dlplibs:key6fuzzer: Segv on unknown address in std::__1::deque<std::__1::deque<boost::variant<libetonyek::MoveTo, libetonyek::L

Detailed Report: https://oss-fuzz.com/testcase?key=5752428626706432 Project: dlplibs Fuzzing Engine: honggfuzz Fuzz Target: key6fuzzer Job Type: honggfuzzasandlplibs Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...