7222 matches found
WordPress plugin WP STAGING security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
node-ip security vulnerability
node-ip is a Node.js module by individual developer indutny. A security vulnerability exists in node-ip version 2.0.1 and earlier, which stems from certain IP addresses being incorrectly categorized as globally routable by isPublic, potentially leading to server-side request forgery (SSRF)...
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when the Aegis databinding is used. Users of other data bindings, including the default databinding, are not impacted...
WordPress WPCafe plugin <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucio Sá in WordPress Plugin WPCafe versions <= 2.2.23...
CVE-2024-1855
The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...
WordPress Theme CAS security vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme CAS 1.0.0 and earlier versions, which stems from the...
WordPress plugin WPCafe security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress MemberPress plugin <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode vulnerability
Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode vulnerability discovered by stealthcopter in WordPress Plugin MemberPress versions <= 1.11.29...
Open Library Foundation VuFind security vulnerability
Open Library Foundation VuFind is an open source library resource discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind versions 2.4 through versions prior to 9.1.1, which stems from the presence of a server-side request forgery (SSRF)...
WordPress plugin Memberpress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability exists in...
PT-2024-18365 · WordPress · Wpcafe – Restaurant Menu
Name of the Vulnerable Software and Affected Versions: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress versions up to, and including, 2.2.23 Description: The issue allows unauthenticated attackers to make web requests to...
WordPress Cost Calculator Builder Pro plugin <= 3.1.72 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by haidv35 in WordPress Plugin Cost Calculator Builder Pro versions <= 3.1.72...
PT-2024-24906 · Unknown · Buddyforms
Name of the Vulnerable Software and Affected Versions: BuddyForms versions n/a through 2.8.8 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows Server Side Request Forgery and Relative Path Traversal...
CVE-2024-3485
A Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure...
NetIQ iManager security vulnerability
NetIQ iManager is an advanced web-based management console from NetIQ UK. Customized, secure access to network management utilities and content can be provided from any location in the world. A security vulnerability exists in NetIQ iManager version 3.2.6.0200, which stems from the presence of a...
PT-2024-26232 · Opentext · Opentext Imanager
Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: A Server Side Request Forgery issue has been discovered, which could lead to sensitive information disclosure. Recommendations: For OpenText iManager version 3.2.6.0200, at the moment, there i...
PT-2024-28638 · Opentext · Opentext Imanager
Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: A Server Side Request Forgery vulnerability has been discovered, which could lead to sensitive information disclosure by directory traversal. Recommendations: For OpenText iManager version...
CVE-2024-4562
In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, which leads to the Server Side Request...
CVE-2024-33864
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...