7221 matches found
WordPress Plugin Avada Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
SAP NetWeaver Code Issue Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. A code issue vulnerability exists in SAP NetWeaver that stems from insufficient input validation, which c...
Red Hat JBoss Enterprise Application Platform Security Vulnerability
Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss Enterprise Application Platform, which...
WordPress Plugin RapidLoad Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-23934 · Unknown · Rapidload Power-Up For Autoptimize
Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize versions 2.2.11 and earlier. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to...
VulnCheck KEV: CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin RapidLoad (versions <= 2.2.11)...
VulnCheck KEV: CVE-2024-1021
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine. The vulnerabilities are located in the management interface and allow a malicious person with access to that interface to perform a Server-Side-Request-Forgery, or a Cross-Site-Request-Forgery to perform execution. Such an attack can le...
CVE-2024-24888
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25...
CVE-2024-25187
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0 allows remote unauthenticated attackers to obtain sensitive information via getweather.html...
WordPress Plugin Nelio Content Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Plugin Kadence Blocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress...
WordPress Plugin Builderall Builder for WordPress Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2024-20644 · WordPress · Kadence Wp Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: Kadence WP Gutenberg Blocks versions through 3.2.25. Description: A Server-Side Request Forgery (SSRF) issue affects the software, allowing unauthorized access to internal resources. This can lead to sensitive data exposure or other malicious...
PT-2024-23461 · Builderall · Builderall Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: Builderall Builder for WordPress versions n/a through 2.0.1. Description: A Server-Side Request Forgery (SSRF) issue affects Builderall Team Builderall Builder for WordPress. This issue allows for unauthorized requests to be made from the server...
PT-2024-21170 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica versions after v.2023.12. Description: A Server Side Request Forgery (SSRF) issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. Recommendations: For Friendica version...
WordPress Builderall Builder for WordPress plugin <= 2.0.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Builderall Builder for WordPress (versions <= 2.0.1)...
WordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Nelio Content (versions <= 3.2.0)...
VulnCheck KEV: CVE-2024-27954
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...