2040 matches found
WordPress plugin ARMember security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress WordPress File Upload plugin <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin WordPress File Upload versions <= 4.24.8...
CVE-2024-4359
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the rendersvg function...
WordPress plugin Fuse Social Floating Sidebar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Cairo: Multiple Vulnerabilities
Background: Cairo is a 2D vector graphics library with cross-device output support. Description: Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There ...
WordPress Folders plugin <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Folders versions <= 3.0.3...
WonderCMS security vulnerability
WonderCMS is an open source PHP-based content management system (CMS) from WonderCMS Inc. A security vulnerability exists in WonderCMS version 3.4.3, which stems from an arbitrary file upload vulnerability in the uploadFileAction function, allowing an attacker to execute arbitrary code via a crafte...
WordPress Support SVG plugin < 1.1.0 - Stored XSS via SVG Upload vulnerability
Stored XSS via SVG Upload vulnerability discovered by Rayhan Ramdhany Hanaputra in WordPress Plugin Support SVG versions < 1.1.0...
CVE-2024-4269
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks...
WordPress plugin Support SVG security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Suppor...
Personal Management System security breach
Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.64, which stems from susceptibility to a stored cross-site scripting (XSS) attack that allows an attacker to upload an...
The vulnerability of the Collection Preview component of the edu-sharing e-learning platform management system allows a perpetrator to execute arbitrary code or trigger a service failure.
The vulnerability of the Collection Preview component in the edu-sharing e-learning platform management system involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code using a specially created HTML file, or to...
WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
Arbitrary SVG File Download vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Elementor Website Builder versions <= 3.22.1...
OpenPLC security vulnerability
OpenPLC is an open source programmable logic controller. It can provide low-cost industrial solutions for automation and research. OpenPLC suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can ...
CVE-2024-3633
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
PT-2024-26957 · WordPress · Webp & Svg Support
Name of the Vulnerable Software and Affected Versions: WebP & SVG Support WordPress plugin versions prior to 1.4.1 Description: The issue concerns the WebP & SVG Support WordPress plugin, which fails to properly sanitise uploaded SVG files. This could allow users with a role as low as Author to...
USN-6848-1 roundcube vulnerabilities
Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. CVE-2023-5631 Rene...
WordPress Plugin Mime Types Extended Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CMSimple_XH Security Vulnerability
CMSimple_XH is a fast, small, easy-to-use and easy-to-install modular content management system (CMS) from CMSimple_XH open source. A security vulnerability exists in CMSimple_XH version 1.7.6, which stems from a cross-site scripting attack that can be performed by uploading a carefully crafted SVG...
PT-2024-25906 · Unknown · Cmsimple Xh
Name of the Vulnerable Software and Affected Versions: CMSimple XH version 1.7.6 Description: The issue allows for cross-site scripting (XSS) by uploading a crafted SVG document. Recommendations: For CMSimple XH version 1.7.6, as a temporary workaround, consider restricting the upload of SVG...