12 matches found
EUVD-2024-27848
Malicious code in bioql PyPI...
CVE-2024-37498
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database – Tablesome. This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.33...
WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Emili Castells (Patchstack Alliance) in WordPress Plugin Product Designer versions <= 1.0.33...
WordPress Product Designer plugin <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Product Designer versions <= 1.0.33...
WordPress plugin Product Designer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26888 · WordPress · Product Designer
Name of the Vulnerable Software and Affected Versions: Product Designer plugin for WordPress versions up to, and including, 1.0.33. Description: The issue is related to a missing capability check on the product designer ajax delete attach id function, which allows unauthorized loss of data. This...
WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.33 is vulnerable to Sensitive Data Exposure
Software: Table & Contact Form 7 Database – Tablesome. Type: Plugin. Vulnerable versions: <= 1.0.33. Fixed in: 1.0.34. OWASP Top 10: A3: Sensitive Data Exposure. Classification: Sensitive Data Exposure. CVE: CVE-2024-37498. Patch priority: Low. CVSS severity: Low 5.3. Developer: Claim ownership. PSID: b592d73e1659...
PT-2024-22692
Name of the Vulnerable Software and Affected Versions: Extend Themes Calliope versions 1.0.33 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...
WebAssembly Buffer Error Vulnerability
WebAssembly is a binary instruction format for stack-based virtual machines from WebAssembly. A security vulnerability exists in WebAssembly wabt version 1.0.33, which stems from an out-of-bounds read vulnerability in the function DataSegment::IsValidRange...
Cross site scripting
A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is...
Indeed Engineering util Cross-Site Scripting Vulnerability
util is a set of useful Java utilities open-sourced by Indeed Engineering. A cross-site scripting vulnerability exists in Indeed Engineering util versions prior to 1.0.33. Attackers use this vulnerability to execute cross-site scripting attacks...
WordPress Mingle Forum 1.0.33 Cross Site Scripting
Hi. We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...