9 matches found
WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions <= 5.4.9...
CVE-2022-22704
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would in effect determine part of the configuration...
CVE-2025-26708 ZTELink has a configuration defect vulnerability
There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service...
CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
PT-2024-28616 · Hibernate · Hibernate
Name of the Vulnerable Software and Affected Versions: NHibernate versions prior to 5.4.9 NHibernate versions prior to 5.5.2 Description: A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. This vulnerability affects callers of these methods, including...
WordPress Woffice Core Plugin <= 5.4.8 is vulnerable to Broken Access Control
Software Woffice Core Type Plugin Vulnerable versions <= 5.4.8 Fixed in 5.4.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37470 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID d7dfbe1583d4 Credits Rafie Muhammad Patchstack...
WordPress Essential Addons for Elementor Pro Plugin < 5.4.9 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; if description...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Booster for WooCommerce plugin prior to 5.4.9. createproductsxmlresult parameter is escaped and filtered, an attacker can...
CVE-2017-1000431
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...