CVE-2023-26478

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right...

WordPress Plugin Awesome Support Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An Access Control Error vulnerability exist...

CVE-2023-26478 org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right...

CVE-2021-43258

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...