6 matches found
CVE-2024-1504
CVE-2024-1504 (Red Hat entry mirrors SecuPress Free WordPress Security plugin) is a CSRF vulnerability in SecuPress Free versions up to and including 2.2.5.1. The root cause is missing or incorrect nonce validation in secupress_blackhole_ban_ip(), allowing unauthenticated attackers to forge a reques...
WordPress SecuPress plugin <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address vulnerability
Cross-Site Request Forgery to Banned IP Address vulnerability discovered by Lucio Sá in WordPress Plugin SecuPress Free versions <= 2.2.5.1...
PT-2024-18097 · WordPress · Secupress Free
Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.1. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip function. This...
WordPress SecuPress Free Plugin <= 2.2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SecuPress Free; Type: Plugin; Vulnerable versions: <= 2.2.5.1; Fixed in: 2.2.5.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1504; Patch priority: Low; CVSS severity: Low (4.3); PSID: e3f0f4ee5647; Credits: Lucio Sá; Required...
VLC Media Player Subtitle Remote Code Execution Vulnerability - Mac OS X
VLC media player is prone to a heap overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
JVN#75615300: All in One SEO Pack information management vulnerability
All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected, therefore som...