WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
WordPress Kodex Posts likes Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Kodex Posts likes; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8713; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 83c067bae0c0; Credits: vgo0; Required...
PT-2024-39068 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract limited post information from draft and future...
WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
WordPress Kodex Posts likes Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Kodex Posts likes; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44036; Patch priority: Low; CVSS severity: Low (5.9); PSID: a36dce24013f; Credits: SOPROBRO; Required privilege...
WordPress Posts reminder plugin <= 0.20 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Posts reminder versions <= 0.20...
CVE-2024-8093
The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-8093 Posts reminder <= 0.20 - Settings Update via CSRF
The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress plugin Posts reminder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Woocommerce is one of the e-commerce plugins. WordPress plugin is an application plugin...
WordPress Posts reminder Plugin <= 0.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Posts reminder; Type: Plugin; Vulnerable versions: <= 0.20; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-8093; Patch priority: Low; CVSS severity: Low (4.3); PSID: f49f52b3e7c5; Credits: Daniel Ruf; Required...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
CVE-2024-6678
creationtimestamp| type| source
---|---|---
2024-09-12 10:08:54+00:00| seen| https://t.me/HackingInsights/12852
2024-09-12 15:18:20+00:00| seen| https://t.me/BleepingComputer/20662
2024-09-12 18:47:39+00:00| seen| https://t.me/thehackernews/5573
2024-09-12 18:59:10+00:00| seen|...
CVE-2024-27115
creationtimestamp| type| source
---|---|---
2024-09-11 17:00:52+00:00| seen| https://t.me/cvedetector/5359
2025-01-20 21:02:11+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad6kcpm2d
2025-02-10 21:01:59+00:00| seen|...
CVE-2024-43461
creationtimestamp| type| source
---|---|---
2024-09-10 17:25:32+00:00| seen| https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review
2024-09-10 20:06:31+00:00| seen| https://t.me/cvedetector/5292
2024-09-11 04:00:00+00:00| seen|...
BIT-MATTERMOST-2024-41144
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
CVE-2023-36756
creationtimestamp| type| source
---|---|---
2024-09-05 15:39:37+00:00| seen| https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
2024-09-12 15:00:00+00:00| seen|...
CVE-2024-44000
creationtimestamp| type| source
---|---|---
2024-09-05 14:18:45+00:00| published-proof-of-concept| https://t.me/WARLOCKDARKARMYOFFICIALS/4554
2024-09-05 16:31:47+00:00| published-proof-of-concept| Telegram/iqzr0evsZIMMy3NnASIGxZl2nBENTlvbGPIFKVphLoM3UsM
2024-09-06 03:57:32+00:00|...
CVE-2024-6835
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...