531 matches found
CVE-2024-32602 WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1...
CVE-2024-32602
CVE-2024-32602 is an SQL Injection flaw in OnTheGoSystems WooCommerce Multilingual & Multicurrency (affecting 5.3.3.1 and earlier). Root cause: improper neutralization of SQL elements in the plugin’s queries. Impact: high risk to confidentiality and integrity of database content; authenticated at...
[SECURITY] Fedora 39 Update: filezilla-3.67.0-1.fc39
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFTP - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfe...
WordPress Plugin WooCommerce Multilingual & Multicurrency with WPML SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin...
PT-2024-24724 · Onthegosystems · Woocommerce Multilingual & Multicurrency
Name of the Vulnerable Software and Affected Versions: OnTheGoSystems WooCommerce Multilingual & Multicurrency versions through 5.3.3.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for...
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin WooCommerce Multilingual & Multicurrency (versions <= 5.3.3.1)...
WordPress WooCommerce Multilingual & Multicurrency Plugin <= 5.3.3.1 is vulnerable to SQL Injection
Software WooCommerce Multilingual & Multicurrency Type Plugin Vulnerable versions <= 5.3.3.1 Fixed in 5.3.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32602 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID b58e38f053fe Credits Rafie Muhammad...
CVE-2024-31983
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting i...
CVE-2024-31983 XWiki Platform: Remote code execution from edit in multilingual wikis via translations
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting i...
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Impact In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). This can be exploited for remote code executio...
GHSA-XXP2-9C9G-7WMJ XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Impact In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). This can be exploited for remote code executio...
WooCommerce Multilingual & Multicurrency < 5.3.5 - Missing Authorization
Description The WooCommerce Multilingual & Multicurrency plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
WordPress WooCommerce Multilingual & Multicurrency Plugin <= 5.3.4 is vulnerable to Broken Access Control
Software WooCommerce Multilingual & Multicurrency Type Plugin Vulnerable versions <= 5.3.4 Fixed in 5.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30466 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a9e0969e36a2 Credits Rafi...
Translate WordPress and go Multilingual – Weglot < 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
Description The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such ...
Path traversal
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" lgsitemaps module for PrestaShop before version 1.6.6, a guest can download personal information without restriction...
CVE-2024-24311
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" lgsitemaps module for PrestaShop before version 1.6.6, a guest can download personal information without restriction...
CVE-2024-24311
Path Traversal in PrestaShop module lgsitemaps (Multilingual and Multistore Sitemap Pro - SEO) prior to version 1.6.6 allows a guest to download personal information. Affected: PrestaShop with the lgsitemaps module. Root cause: path traversal vulnerability in the module. Impact: unauthorized disc...
[SECURITY] Fedora 39 Update: filezilla-3.66.4-1.fc39
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFTP - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfe...