The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor....
EUVD-2024-32166
Malicious code in bioql PyPI...
CVE-2024-3587
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2024-1384
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-1384
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-17996 · WordPress · Premium Portfolio Features For Phlox
Name of the Vulnerable Software and Affected Versions: Premium Portfolio Features for Phlox theme plugin for WordPress versions up to, and including, 2.3.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'aux recent portfolios grid' shortcode due to insufficient...
CVE-2024-3587
CVE-2024-3587 affects Premium Portfolio Features for Phlox theme (WordPress). The vulnerability is a Stored XSS in the Grid Portfolios Widget present in all versions up to and including 2.3.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation ...
WordPress Premium Portfolio Features for Phlox theme plugin <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Grid Portfolios' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Grid Portfolios' vulnerability discovered by wesley wcraft in WordPress Plugin Phlox Portfolio versions <= 2.3.2...
PT-2024-26765 · WordPress · Premium Portfolio Features For Phlox
Name of the Vulnerable Software and Affected Versions: Premium Portfolio Features for Phlox theme plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget due to insufficient input sanitizati...
Why the Search for Best-Of-Breed Tooling is Causing Issues for Security Teams
The growing need to consolidate vendor portfolios. The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create...
Moodle Portfolio forum caller class allows a user to download any file
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
GHSA-VXMV-74RF-VQGP Moodle Portfolio forum caller class allows a user to download any file
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
GHSA-XJX9-7C29-PWMM Moodle Improper Privilege Management
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...
Moodle Improper Privilege Management
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...
CVE-2022-24111
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known...
CVE-2022-24111
Summary: CVE-2022-24111 affects Mahara 21.04 prior to 21.04.3 and 21.10 prior to 21.10.1. The vulnerability allows portfolios (including group-based portfolios and site/institution-level portfolios) to be viewed without authentication if the URL is known, constituting an information-disclosure is...
The vulnerability of the `get_portfolios()` and `get_portfolio_attributes()` functions in the Portfolio Responsive Gallery plugin of the WordPress content management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the `get_portfolios()` and `get_portfolio_attributes()` functions in the Portfolio Responsive Gallery plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow a remote attacker ...