WordPress plugin Fancy Product Designer has a security vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from the presence of hard-coded SSH credentials and improperly configured sudoers,...

PT-2025-53327

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System contains an authentication issue involving hard-coded SSH credentials for the wwwuser account. An insecure sudoers configuration allows attackers t...

WordPress plugin Fancy Product Designer 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

EUVD-2025-200203

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'processbulkaction' function. This makes it possible for unauthenticated attacke...

CVE-2025-24887

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...

PYSEC-2025-178

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...

CVE-2024-10356

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

WordPress plugin ElementsReady Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

Logsign Unified SecOps Platform 操作系统命令注入漏洞

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An operating system command injection vulnerability exists in Logsign Unified SecOps Platform versions prior to 6.4.8...

LogSign Unified SecOps Platform 安全漏洞

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. A security vulnerability exists in LogSign Unified SecOps Platform versions prior to 6.4.8, which stems from a lack o...

Zabbix Security Vulnerabilities

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix Agent, which stems from the presence of a buffer overflow vulnerability. Affected products and...

WordPress Complianz - GDPR/CCPA Cookie Consent Premium Plugin < 6.4.8 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:really-simple-plugins:complianzpremium"; if description...

WordPress Complianz Premium Plugin <= 6.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz Premium Type Plugin Vulnerable versions = 6.4.7 Fixed in 6.4.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8ec92260cc85 Credits Rafie Muhammad...

CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.

The HipChat for JIRA plugin exposed the secret key it used to communicate with a linked HipChat service in various pages. For this vulnerability to affect your JIRA instance you must have a HipChat integration established. To exploit this issue in JIRA versions 7.0.0 and higher, attackers need to...