PT-2024-33625 · Unknown · Latex2Html
Name of the Vulnerable Software and Affected Versions: LaTeX2HTML versions n/a through 2.5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For versio...
WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WpEvently versions <= 4.2.5...
WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Most And Least Read Posts Widget versions <= 2.5.18...
PT-2024-38379 · WordPress · Forms For Mailchimp By Optin Cat
Name of the Vulnerable Software and Affected Versions: The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress versions up to, and including, 2.5.6 Description: The issue is related to Stored Cross-Site Scripting via the form color parameters due to insufficient input...
PT-2024-32546 · Unknown · Sky Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Sky Addons for Elementor versions through 2.5.11 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker ca...
CVE-2024-43988
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS. This issue affects Mystique: from n/a through 2.5.7...
WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Kursat Cetin in WordPress Plugin Houzez Login Register versions <= 3.2.5...
WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JobSearch versions <= 2.5.4...
PT-2024-5230 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.10 Apache Traffic Server versions 9.0.0 through 9.2.4 Description: The issue arises from Apache Traffic Server forwarding malformed HTTP chunked trailer sections to origin servers, which can be...
WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Ultimate Auction versions <= 4.2.5...
CVE-2024-5215
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-23781
Name of the Vulnerable Software and Affected Versions WordPress versions 5.9 through 5.9.9 WordPress versions 6.0 through 6.0.8 WordPress versions 6.1 through 6.1.6 WordPress versions 6.2 through 6.2.5 WordPress versions 6.3 through 6.3.4 WordPress versions 6.4 through 6.4.4 WordPress versions 6....
WordPress Slideshow SE plugin <= 2.5.20 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Slideshow SE versions <= 2.5.20...
WordPress plugin DELUCKS SEO security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin WPKoi Templates for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
NASA AIT-Core security vulnerability
NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version v2.5.2 that originates from allowing an attacker to execute arbitrary commands...
NASA AIT-Core security vulnerability
NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version 2.5.2 that stems from the use of an unencrypted channel to exchange data over a network, which allows an attacker to perform a man-in-the-middle attack...
Uniform Server Zero security vulnerability
Uniform Server Zero is a free and lightweight WAMP server solution for Windows from the Uniform Server team. A security vulnerability exists in Uniform Server Zero version 10.2.5, which stems from a cross-site scripting vulnerability in the /usextra/phpinfo.php page...
WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Radio Station versions <= 2.5.7...
PT-2024-12074 · WordPress · Shoaib Saleem Wp Post Rating
Name of the Vulnerable Software and Affected Versions: Shoaib Saleem WP Post Rating versions through 2.5 Description: The issue is related to a Missing Authorization vulnerability, which allows for Functionality Misuse in Shoaib Saleem WP Post Rating. Recommendations: For versions through 2.5,...