CVE-2024-8485
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via updateUserInfo due to missing validation on the 'openid' user-controlled key that determines which user will be updated. This makes it...
CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to unauthorized user group addition due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
CVE-2024-8485
The REST API TO MiniProgram plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to and including 4.7.1. The flaw is in updateUserInfo(), caused by missing validation of the openid user-controlled key, allowing an attacker to update arbitrary user accounts (e.g., changing email...
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8484
CVE-2024-8484 concerns the WordPress REST API TO MiniProgram plugin. The vulnerability is a SQL Injection in the /wp-json/watch-life-net/v1/comment/getcomments endpoint, exploitable via the attacker-controlled order parameter. It affects all versions up to and including 4.7.1 and is described as ...
WordPress plugin REST API TO MiniProgram Security Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP and running on PHP and MySQL servers. REST API TO MiniProgram is a plugin for WordPress. A security vulnerability exists in WordPres...
Exploit for SQL Injection in Jianbo Rest_Api_To_Miniprogram
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenti...
WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection
Software: REST API TO MiniProgram
Type: Plugin
Vulnerable versions: <= 4.7.1
Fixed in: N/A
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2024-8484
Patch priority: High
CVSS severity: High (9.3)
PSID: a9593ec18e0a
Credits: wesley wcraft
Required privilege...
Checkmk Security Vulnerability
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.3.0p16 and prior to 2.2.0p34: a two-factor authentication bypass in the REST API could allow authenticated users to bypass two-factor authentication...
Error occurred during certificate processing. — Upgrade Veeam Backup Enterprise Manager Error
Challenge: When attempting to upgrade an existing Veeam Backup Enterprise Manager deployment to version 12.2, the installer fails, displaying the error "Error occurred during certificate processing."
Cause: This error occurs when the TLS certificate used for the REST API doesn't specify a certificate...
Successful user login events using PAT do not update the last login date and are not added to the audit logs
Issue Summary: When users authenticate on Confluence, this should update the last login date and add new events to the audit log when full coverage is enabled for the Security category. Requests made with personal access tokens (PAT) to the REST API won't create a new entry on...
CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8529
CVE-2024-8529 – LearnPress: The LearnPress WordPress LMS Plugin (versions ≤ 4.2.7) is vulnerable to unauthenticated SQL injection via the c_fields parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint. This is due to insufficient escaping and lack of proper SQL query preparation, allow...
CVE-2024-8522
CVE-2024-8522 (LearnPress = 4.2.7.1 or newer as indicated by sources.
CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
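The SQL injection entries on this page (the 'order' parameter in CVE-2024-8484, c_fields in CVE-2024-8529 and c_only_fields in CVE-2024-8522) share one root cause: a request string spliced into the ORDER BY or column list of a query, where $wpdb->prepare() cannot bind a value because identifiers and keywords are not parameters, on a REST route that anyone can call. CVE-2024-8350 is the authorization half of the same picture, a route registered without a capability check. The PHP below is an added illustration of that vulnerable shape beside a hardened one; it is written for this page and is not code from REST API TO MiniProgram, LearnPress or Uncanny Groups. The namespace example/v1, the two routes, the 'moderate_comments' capability and the helper example_order_clause() are all hypothetical.

```php
<?php
// Added example for this page; not code from any plugin named above.
// Namespace, routes and helper names are invented for illustration.

/*
 * VULNERABLE SHAPE.
 *  - permission_callback '__return_true' makes the route public, the
 *    "missing capability check" pattern of the adduser advisory.
 *  - 'orderby' and 'order' go straight into the SQL. Identifiers and
 *    keywords cannot be bound with %s/%d, so wrapping this in
 *    $wpdb->prepare() would not fix it on its own.
 */
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/comments-vulnerable', array(
        'methods'             => WP_REST_Server::READABLE,
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $req ) {
            global $wpdb;
            $post_id = (int) $req->get_param( 'post_id' );
            $orderby = $req->get_param( 'orderby' ); // attacker controlled
            $order   = $req->get_param( 'order' );   // attacker controlled
            $sql = "SELECT comment_ID, comment_content FROM {$wpdb->comments}"
                 . " WHERE comment_post_ID = {$post_id}"
                 . " ORDER BY {$orderby} {$order}";
            return rest_ensure_response( $wpdb->get_results( $sql ) );
        },
    ) );
} );

/*
 * HARDENED SHAPE.
 *  - permission_callback enforces a capability.
 *  - The args schema rejects anything outside the enum with HTTP 400
 *    before the callback runs.
 *  - The callback still maps request values onto fixed SQL fragments, so
 *    the query never contains request bytes; post_id is the only bound value.
 */
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/comments-hardened', array(
        'methods'             => WP_REST_Server::READABLE,
        'permission_callback' => function () {
            // Hypothetical capability; pick the one that fits the operation.
            return current_user_can( 'moderate_comments' );
        },
        'args' => array(
            'post_id' => array( 'type' => 'integer', 'required' => true, 'minimum' => 1 ),
            'orderby' => array( 'type' => 'string', 'enum' => array( 'date', 'id' ), 'default' => 'date' ),
            'order'   => array( 'type' => 'string', 'enum' => array( 'asc', 'desc' ), 'default' => 'desc' ),
        ),
        'callback' => function ( WP_REST_Request $req ) {
            global $wpdb;
            $sql = $wpdb->prepare(
                "SELECT comment_ID, comment_content FROM {$wpdb->comments}"
                . " WHERE comment_post_ID = %d "
                . example_order_clause( $req->get_param( 'orderby' ), $req->get_param( 'order' ) ),
                (int) $req->get_param( 'post_id' )
            );
            return rest_ensure_response( $wpdb->get_results( $sql ) );
        },
    ) );
} );

/**
 * Hypothetical helper: build an ORDER BY clause from allow-listed keys.
 * Unknown keys fall back to the default, so the output is always one of a
 * fixed set of literals and never the caller's string.
 */
function example_order_clause( $orderby, $order ) {
    $columns   = array( 'date' => 'comment_date', 'id' => 'comment_ID' );
    $column    = isset( $columns[ $orderby ] ) ? $columns[ $orderby ] : 'comment_date';
    $direction = ( 'asc' === strtolower( (string) $order ) ) ? 'ASC' : 'DESC';
    return "ORDER BY {$column} {$direction}";
}
```

Two points worth checking in a plugin review. First, since WordPress 5.5 a route registered with no permission_callback at all raises a _doing_it_wrong notice, but '__return_true' silences that notice while leaving the route fully public, so every route using it deserves a deliberate decision. Second, the schema enum and the allow-list helper are deliberately redundant: the enum gives callers a clean 400, and the helper guarantees that even if a future change loosens the schema, the SQL still only ever contains fixed fragments.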