PT-2024-16591 · WordPress · Buy One Click Woocommerce Plugin
Name of the Vulnerable Software and Affected Versions: Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 Description: The issue arises from a missing capability check on the buy one click export options AJAX action, allowing authenticated attackers with...
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Export vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions <= 2.2.9...
WordPress Buy one click WooCommerce Plugin <= 2.2.9 is vulnerable to Broken Access Control
Software: Buy one click WooCommerce · Type: Plugin · Vulnerable versions: <= 2.2.9 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-10852 · Patch priority: Low · CVSS severity: Low (4.3) · PSID: a5a826444a0c · Credits: incognito · Required...
CVE-2024-48227
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS)...
FunAdmin security vulnerability
FunAdmin is an open-source, lightweight, visually polished backend development system from FunAdmin, built on ThinkPHP6+Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the Curd one-click command mode plugin...
CVE-2024-48229
Funadmin 5.0.2 is affected by a SQL injection in the Curd one-click command mode plugin. The vulnerability arises from improper input validation, allowing user-supplied data to be directly included in SQL queries without sanitization. This affects the Curd one-click command mode plugin and can im...
CVE-2024-48229
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin...
FunAdmin security vulnerability
FunAdmin is an open-source, lightweight, visually polished backend development system from FunAdmin, built on ThinkPHP6+Layui. A security vulnerability exists in FunAdmin version 5.0.2, which stems from a logic flaw in the Curd one-click command delete function that could lead to a denial of...
Announcing Couchbase Enterprise Server Cluster on Our One-Click App Marketplace
...
CVE-2024-38749
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a through 1.1.2...
CVE-2024-38749
CVE-2024-38749 affects the Olive One Click Demo Import plugin for WordPress (versions n/a through 1.1.2). The issue is Information Disclosure caused by Access Control Lists (ACLs) not properly constraining access to certain functionality, allowing an unauthorized actor to access sensitive data. P...
WordPress plugin Olive One Click Demo Import information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabilit...
PT-2024-28193 · Unknown · Olive One Click Demo Import
Name of the Vulnerable Software and Affected Versions: Olive One Click Demo Import versions 1.1.2 and earlier Description: The issue allows exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. Recommendations: For Olive One...
WordPress One Click Close Comments plugin <= 2.7.1 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin One Click Close Comments versions <= 2.7.1...
CVE-2024-6546 One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure
The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the ful...
CVE-2024-6546
CVE-2024-6546 affects One Click Close Comments for WordPress (
PT-2024-37703 · WordPress · One Click Close Comments
Name of the Vulnerable Software and Affected Versions: One Click Close Comments plugin for WordPress versions up to and including 2.7.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors on. This allo...
WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Olive One Click Demo Import versions <= 1.1.2...
WordPress Olive One Click Demo Import Plugin <= 1.1.2 is vulnerable to Sensitive Data Exposure
Software: Olive One Click Demo Import · Type: Plugin · Vulnerable versions: <= 1.1.2 · Fixed in: N/A · OWASP Top 10: A1: Broken Access Control · Classification: Sensitive Data Exposure · CVE: CVE-2024-38749 · Patch priority: Low · CVSS severity: Low (5.3) · PSID: 3944618737f2 · Credits: Peng Zhou · Require...
UBUNTU-CVE-2024-28828
Cross-Site request forgery in Checkmk 2.3.0p8, 2.2.0p29, 2.1.0p45, and = 2.0.0p39 EOL could lead to 1-click compromise of the site...