Plane 代码问题漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.3 contained code vulnerabilities. These vulnerabilities stemmed from the Webhook URL validation only checking ip.isloopback, which could allow attackers with the ADMIN role to...

CVE-2024-6692

The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escapin...

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

PT-2023-28757 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: Seacms versions up to v12.8 Description: A Cross-Site Request Forgery CSRF in admin manager.php allows attackers to arbitrarily add an admin account. Recommendations: For Seacms versions up to v12.8, update to a version later than v12.8 to...