6254 matches found
WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Cache Sniper for Nginx versions <= 1.0.4.2...
WordPress plugin Cache Sniper for Nginx security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-5082 · Unknown · Cache Sniper For Nginx
Name of the Vulnerable Software and Affected Versions: Cache Sniper for Nginx versions 1.0.4.2 and earlier Description: The issue is related to a missing authorization vulnerability in Cache Sniper for Nginx, which allows exploiting incorrectly configured access control security levels...
CVE-2024-56236
Missing Authorization vulnerability in Juni Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hestia Nginx Cache: from n/a through <= 2.4.0...
CVE-2024-56236 WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Missing Authorization vulnerability in Juni Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hestia Nginx Cache: from n/a through <= 2.4.0...
CVE-2024-56236 WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hestia Nginx Cache: from n/a through 2.4.0...
CVE-2024-56236
CVE-2024-56236 is described in connected Red Hat data as a Missing Authorization vulnerability in Hestia Nginx Cache, affecting Hestia Nginx Cache versions up to 2.4.0. The Red Hat advisory indicates the issue has been patched. No additional technical details (e.g., exploit vectors, risk, or exac...
VulnCheck KEV: CVE-2019-18371
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...
WordPress plugin Hestia Nginx Cache security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-3202 · Unknown · Hestia Nginx Cache
Name of the Vulnerable Software and Affected Versions: Hestia Nginx Cache versions through 2.4.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions through...
PT-2025-44725
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; NGINX versions 1.26.x Description: The Linux kernel driver for Realtek 8xxxU wireless adapters contains a flaw where insufficient space is allocated for driver private station data, leading to a...
WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Marek Mikita (Patchstack Alliance) in WordPress Plugin Hestia Nginx Cache versions <= 2.4.0...
BIT-DISCOURSE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
CVE-2024-53991
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
CVE-2024-53991
Discourse backup file disclosure via default Nginx configuration (CVE-2024-53991) affects Discourse instances using FileStore::LocalStore for local uploads/backups. Attackers who know a backup filename can trick nginx into serving the backup file, exposing complete backups with sensitive data. Th...
CVE-2024-10590
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2024-10590 Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2024-10590
CVE-2024-10590 affects the Opt-In Downloads WordPress plugin. The vulnerability exists in all versions up to and including 4.07, enabling authenticated attackers with Subscriber+ privileges to upload arbitrary files due to missing file type validation in admin_upload(). On sites using an .htacces...