230 matches found
CVE-2024-5856
The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cirdeleteimage AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
WordPress Comment Images Reloaded Plugin <= 2.2.1 is vulnerable to Broken Access Control
Software Comment Images Reloaded Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5856 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a3534aef50ef Credits Lucio Sá Required...
PT-2024-37195 · WordPress · Comment Images Reloaded
Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...
CVE-2024-26820 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Register VF in netvscprobe if NETDEVICEREGISTER missed If hvnetvsc driver is unloaded and reloaded, the NETDEVICEREGISTER handler cannot perform VF register successfully as the register call is received before netvscpro...
CVE-2024-31249
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...
CVE-2024-31249 WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...
CVE-2024-31249 WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...
CVE-2024-31249
CVE-2024-31249 is a vulnerability described as an Insertion of Sensitive Information into Log File affecting the WordPress plugin Subscribe To Comments Reloaded (WPKube). Public details indicate the issue impacts the Subscribe To Comments Reloaded plugin up to version 220725 (n/a through 220725)....
PT-2024-23891 · WordPress · Wpkube Subscribe To Comments Reloaded
Name of the Vulnerable Software and Affected Versions: WPKube Subscribe To Comments Reloaded versions from n/a through 220725 Description: The issue is related to the insertion of sensitive information into log files. This can potentially expose sensitive data. Recommendations: For versions from...
WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Subscribe To Comments Reloaded versions = 220725...
WordPress Subscribe To Comments Reloaded Plugin <= 220725 is vulnerable to Sensitive Data Exposure
Software Subscribe To Comments Reloaded Type Plugin Vulnerable versions = 220725 Fixed in 240119 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-31249 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 45c0e6e3acea...
CVE-2024-27195
Cross-Site Request Forgery CSRF vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through = 1.3.5...
CVE-2024-27195 WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through = 1.3.5...
CVE-2024-27195
CVE-2024-27195 is a CSRF to Stored XSS vulnerability in Watermark RELOADED for WordPress, affecting Watermark RELOADED versions up to 1.3.5. The available connected sources confirm the issue and affected version range, with a CVSS v3.1 base score of 7.1 (HIGH). There is no published patch or miti...
CVE-2024-27195 WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through = 1.3.5...
PT-2024-21731 · Unknown · Watermark Reloaded
Name of the Vulnerable Software and Affected Versions: Watermark RELOADED versions 1.3.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage
Description The Watermark RELOADED plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the 'optionsPage' function. This makes it possible for unauthenticated attackers to update plugin...
WordPress Watermark RELOADED Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Watermark RELOADED Type Plugin Vulnerable versions = 1.3.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-27195 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f6d96ac7d165 Credits Dimas Maulana...
WordPress Plugin Limit Login Attempts Reloaded Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Limit Login Attempts Reloaded Plugin <= 2.25.26 is vulnerable to Cross Site Scripting (XSS)
Software Limit Login Attempts Reloaded Type Plugin Vulnerable versions = 2.25.26 Fixed in 2.25.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6934 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2de2d139dd65 Credits Hung...