2158 matches found
sonar-wrapper command injection vulnerability
sonar-wrapper is a package by individual developer loic rondel that wraps SonarQube Scanner as a node module. A security vulnerability exists in sonar-wrapper, which stems from a command injection point in sonarRunner.js...
CVE-2022-2437
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
CVE-2022-2444
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
Deserialization of untrusted data
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
Deserialization of untrusted data
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
CVE-2022-2437
CVE-2022-2437 affects the WordPress plugin Feed Them Social (versions up to and including 2.9.8.5). The vulnerability is described as deserialization of untrusted input through the fts_url parameter, enabling an unauthenticated attacker to trigger a PHAR wrapper to deserialize data and invoke arb...
CVE-2022-2444
The CVE-2022-2444 issue affects the WordPress plugin Visualizer (Tables and Charts Manager) up to version 3.7.9. It hinges on deserialization of untrusted input via the remote_data parameter, allowing authenticated attackers with contributor privileges to upload a payload that can be executed thr...
CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress
Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...
WordPress plugin Feed Them Social code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Feed Them...
PT-2022-16649 · WordPress · Feed Them Social
Name of the Vulnerable Software and Affected Versions: Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress versions up to, and including 2.9.8.5 Description: The issue allows deserialization of untrusted input via the fts url parameter. This enables unauthenticated attacker...
Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization
The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...
Malicious Package
Overview react-swipeable-wrapper-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...
Malicious code in editor-with-wrapper-no-modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51686c2414d61dee9e94ea84369aa9e2aac2ae6984737e6007c2566b8a9ff569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2668 Malicious code in editor-with-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50810274815cc122c9e2f2b32e58d400a2c18128d505458cc04673676b46b504 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in viewer-with-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66a8e562679fbf09b06a6287638fe461f954f8a4317f709aaa891e97be95be34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6929 Malicious code in viewer-with-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66a8e562679fbf09b06a6287638fe461f954f8a4317f709aaa891e97be95be34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in editor-with-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50810274815cc122c9e2f2b32e58d400a2c18128d505458cc04673676b46b504 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5663 Malicious code in react-overlays-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ec5e5b499d06ac9ad3a7ec68fa8419625dca65d4e534e4a449739421e23e64 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...