18 matches found
PT-2026-42103
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script in post editor contexts without effective masking fo...
WordPress All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated (Contributor+) Sensitive Information Exposure vulnerability discovered by 0x61626390 in WordPress Plugin All In One SEO Pack (versions <= 4.9.7)...
EUVD-2024-36515
Malicious code in bioql PyPI...
CVE-2024-37227
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7...
WordPress plugin WP All Import Pro Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site...
PT-2025-5988 · WordPress · Wp All Import Pro
Name of the Vulnerable Software and Affected Versions: WP All Import Pro versions up to and including 4.9.7 Description: The issue is related to cross-site request forgery due to missing nonce validation in the delete and edit function. This allows unauthenticated attackers to delete imported...
WordPress Survey Maker plugin <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Survey Maker versions = 4.9.5...
WordPress ChatBot Plugin 4.8.6-4.9.6 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot; Type: Plugin; Vulnerable versions: 4.8.6-4.9.6; Fixed in: 4.9.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5606; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5c671cd5cf6e; Credits: Huynh Tien Si; Required...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection
Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection. Exploit Title: Joomla! Component J-BusinessDirectory 4.9.7 - SQL Injection; Dork: N/A; Date: 2019-01-23; Exploit Author: Ihsan Sencan; Vendor Homepage: http://cmsjunkie.com/; Software Link:...
WordPress 4.9.x < 4.9.7 Arbitrary File Deletion
According to its self-reported version number, the detected WordPress application is affected by an issue that could allow a user who is able to edit uploaded media to attempt to delete files outside the uploads directory. Note that the scanner has not tested for these issues but has instead relied...
WordPress Arbitrary File Deletion Vulnerability (Jun 2018) - Windows
WordPress is prone to an arbitrary file deletion vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...
WordPress Arbitrary File Deletion Vulnerability (Jun 2018) - Linux
WordPress is prone to an arbitrary file deletion vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...
UBUNTU-CVE-2017-6001
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fi...
PT-2017-2358 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.9.7 Description: The issue is related to a race condition in the kernel/events/core.c component of the Linux kernel. It allows local users to gain privileges via a crafted application that makes concurrent per...
OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation
LSE Leading Security Experts GmbH - Security Advisory 2016-02-03. OXID eShop Path Traversal Vulnerability. Affected Versions: Community Edition 4.9.7. Issue Overview: Vulnerability Type:...
nukeditXSS.txt
Title : Nukedit Login.ASP Cross-Site Scripting Vulnerability Description : Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Software : http://www.nukedit.com/ Author : d3hydr8 Contact : d3hydr8atgmaildotcom Original...