234 matches found
CVE-2024-57045
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
CVE-2024-57045
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
CVE-2024-57045
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
CVE-2024-57045
CVE-2024-57045 concerns the D-Link DIR-859 router (firmware A3 1.05 and earlier). The connected Nuclei template confirms a critical information disclosure via an unauthenticated request to /getcfg.php, retrieving sensitive device account information and potentially admin credentials. The underlyi...
CVE-2024-57045
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
CVE-2024-57045
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal
Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...
WordPress Quick Learn Plugin <= 1.0.1 is vulnerable to PHP Object Injection
Software Quick Learn Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52441 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 09d3039a1cf9 Credits LVT-tholv2k Required privilege Unauthenticated...
WordPress WooCommerce Price Alert Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Price Alert Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52469 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64532f957694 Credits Mika Required privilege...
WordPress Google for WooCommerce Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure
Software Google for WooCommerce Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10486 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aafd7d494c83 Credits Francesco Carlucci...
WordPress QRMenu Restaurant QR Menu Lite Plugin <= 1.0.3 is vulnerable to PHP Object Injection
Software QRMenu Restaurant QR Menu Lite Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52445 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID faf2a3afc906 Credits LVT-tholv2k Required...
WordPress Debug Tool Plugin <= 2.2 is vulnerable to Remote Code Execution (RCE)
Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-52416 Patch priority Medium CVSS severity Medium 10 Developer Claim ownership PSID d30460ac8a3a Credits Mika Required privilege Unauthenticated...
WordPress Testimonial Slider Shortcode Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Testimonial Slider Shortcode Type Plugin Vulnerable versions = 1.1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 59c82ea20053 Credits Gab Required privilege...
WordPress Custom Dashboard Widget Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Custom Dashboard Widget Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51860 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc49fe065d6e Credits SOPROBRO Required privilege...
WordPress Popup Image Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Popup Image Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51811 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6d6327c85e67 Credits SOPROBRO Required privilege Contributor...
WordPress Browsing History Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Browsing History Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51885 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e79fa8e92191 Credits SOPROBRO Required privilege Contributor...
WordPress Advanced Video Player with Analytics Plugin <= 1 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Video Player with Analytics Type Plugin Vulnerable versions = 1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51824 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f152b96175b2 Credits SOPROBRO Required...
WordPress Web Stories Widgets For Elementor Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Web Stories Widgets For Elementor Type Plugin Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52354 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d854e2af032 Credits theviper17 Required...
WordPress User Password Reset Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software User Password Reset Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51714 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 916db7652ed6 Credits SOPROBRO Required privilege...
WordPress Golf Tracker Plugin <= 0.7 is vulnerable to SQL Injection
Software Golf Tracker Type Plugin Vulnerable versions = 0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51607 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 38232c097728 Credits LVT-tholv2k Required privilege Contributor Published 31...