2 matches found
PT-2024-38391 · WordPress · Download Plugins/Themes In Zip From Dashboard
Name of the Vulnerable Software and Affected Versions: Download Plugins and Themes in ZIP from Dashboard plugin for WordPress versions prior to 1.8.8 Description: The issue is due to missing or incorrect nonce validation on the download theme function, making it possible for unauthenticated...
PT-2023-31671 · Hestiacp · Hestiacp
Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.8.8 Description: The issue is related to Cross-site Scripting XSS - Reflected. This means that an attacker can inject malicious scripts into a website, which can then be executed by other users. The...