13 matches found
EUVD-2018-5086
Malware in sbrugna...
CVE-2024-1204
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts...
CVE-2025-32235 WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.9.4...
PT-2024-33412 · Unknown · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid versions prior to 5.9.4 Description: A Missing Authorization issue has been identified. This issue affects ProfileGrid, allowing unauthorized access. Recommendations: For versions prior to 5.9.4, update to version 5.9.4 or later t...
PT-2024-17988 · WordPress · Event Post Plugin
Name of the Vulnerable Software and Affected Versions: Event post plugin for WordPress versions up to, and including, 5.9.4 Description: The issue allows authenticated attackers with subscriber access or higher to update post meta data due to a missing capability check on the save bulkdatas...
WordPress Plugin Meta Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Essential Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...
CVE-2022-47194
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...
PT-2023-15235 · Ghost Foundation · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4 Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...
PT-2023-15233 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.9.4 Description: An insecure default issue exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to administrator via XSS. An...
ALPINE-CVE-2021-41990
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur...
strongSwan input validation error vulnerability
strongSwan is an open source IPsec-based VPN solution for the Linux platform, developed by Andreas Steffen of Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, securely stored private keys, and smart cards. An input validation error vulnerabili...
PT-2019-8926 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin version 5.9.4 Description: The issue concerns a cross-site scripting (XSS) problem. It is exploited via the dbem event reapproved email body parameter to the "wp-admin/edit.php?post type=event&page=events-manager-options"...