32 matches found
CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.5 security update
The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...
MiracleLinux 4 : gnutls-2.8.5-19.AXS4 (AXSA:2016-014:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-014:01 advisory. GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the...
EUVD-2025-30537
Malicious code in bioql PyPI...
CVE-2025-58677
Cross-Site Request Forgery CSRF vulnerability in puravida1976 ShrinkTheWeb STW Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb STW Website Previews: from n/a through = 2.8.5...
CVE-2025-58677
Cross-Site Request Forgery CSRF vulnerability in puravida1976 ShrinkTheWeb STW Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb STW Website Previews: from n/a through = 2.8.5...
WordPress ShrinkTheWeb (STW) Website Previews Plugin <= 2.8.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin ShrinkTheWeb STW Website Previews versions = 2.8.5...
CVE-2025-58677
Technical details about CVE-2025-58677 are not provided in the supplied documents. The Initial Description notes a CSRF-related Stored XSS affecting ShrinkTheWeb up to 2.8.5, but specific vectors, vulnerable components, affected files, or remediation steps are not disclosed here; monitor for upda...
PT-2025-38965
Name of the Vulnerable Software and Affected Versions ShrinkTheWeb STW Website Previews versions through 2.8.5 Description A Cross-Site Request Forgery CSRF issue exists in ShrinkTheWeb STW Website Previews, which also allows Stored Cross-Site Scripting XSS. This allows an attacker to perform...
CVE-2025-8147
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscacheactivatePlugin function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2025-35187
Name of the Vulnerable Software and Affected Versions: LWSCache plugin for WordPress versions up to and including 2.8.5 Description: The LWSCache plugin for WordPress is susceptible to unauthorized data modification because of insufficient authorization within the lwscache activatePlugin function...
WordPress LWSCache plugin <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Activation via lwscacheactivatePlugin Function vulnerability discovered by wesley wcraft in WordPress Plugin LWSCache versions = 2.8.5...
WordPress BuddyForms Plugin <= 2.8.5 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30198 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID f21da7d6bb61 Credits Dimas Maulana Required privilege...
WordPress plugin Friends security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Friends Plugin <= 2.8.5 is vulnerable to Server Side Request Forgery (SSRF)
Software Friends Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1978 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID c75d983a4b44 Credits Francisco Gutierrez Required privilege...
PT-2023-12488 · WordPress · Doneren Met Mollie
Name of the Vulnerable Software and Affected Versions: Doneren met Mollie plugin for WordPress versions up to and including 2.8.5 Description: The issue concerns Sensitive Data Exposure due to missing capability checks in the dmm export donations function, which is called via the admin post dmm...
Gentoo 安全漏洞
Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo man-db versions prior to 2.8.5. An attacker exploited the vulnerability to gain root privileges...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials which leaks the Authorization header after a redirect to a different port on the same site. Remediation Upgrade mechanize to version 2.8.5 or higher. References - GitHub Commit - GitHub PR...
DEBIAN-CVE-2022-31033
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...
HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Put the following payload in the "Text size of answer in pixels" settings: alert'XSS';...