163 matches found
WordPress Better Find and Replace Plugin <= 1.6.1 is vulnerable to PHP Object Injection
Software Better Find and Replace Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-39636 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID c0c0efbac1bd Credits Trình Vũ Sonicrrrr from VNPT-VCI...
CVE-2024-38759
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2...
PT-2024-28200 · WordPress · Wp Media Sas Search & Replace
Name of the Vulnerable Software and Affected Versions: WP MEDIA SAS Search & Replace versions n/a through 3.2.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Search & Replace plugin. Recommendations: For versions n/a through 3.2.2, update to a version...
WordPress CM WordPress Search And Replace Plugin plugin < 1.3.9 - Plugin Reset via CSRF vulnerability
Plugin Reset via CSRF vulnerability discovered by Felipe Caon in WordPress Plugin CM On Demand Search And Replace versions 1.3.9...
WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...
CVE-2024-5028 CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF
The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5028 CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF
The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5028
CVE-2024-5028 —The CM WordPress Search And Replace Plugin (pre-1.3.9) lacks CSRF checks in some areas, enabling attackers to induce logged-in users to perform unwanted actions via CSRF. Red Hat and Patchstack entries corroborate the issue and reference the same plugin/version window. Wordfence vu...
WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Search & Replace versions = 3.2.2...
WordPress Search & Replace plugin < 3.2.2 - Admin+ SQL injection vulnerability
Admin+ SQL injection vulnerability discovered by Krugov Artyom in WordPress Plugin Search & Replace versions 3.2.2...
CVE-2024-4145
The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...
WordPress plugin Search & Replace security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24361 · Kohya Ss · Kohya Ss
Name of the Vulnerable Software and Affected Versions: Kohya ss versions prior to 23.1.5 Description: Kohya ss is a GUI for Kohya's Stable Diffusion trainers. It is vulnerable to a path injection in the common gui.py find and replace function. Recommendations: For versions prior to 23.1.5, update...
PT-2024-6465 · D Link · D-Link Dns-321 +16
Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814...
[SECURITY] Fedora 40 Update: rsyntaxtextarea-3.1.3-11.fc40
RSyntaxTextArea is a customizable, syntax highlighting text component for Java Swing applications. Out of the box, it supports syntax highlighting for 40+ programming languages, code folding, search and replace, and has add-on libraries for code completion and spell checking. Syntax highlighting...
WordPress Ninja Tables Plugin <= 5.0.5 is vulnerable to Broken Access Control
Software Ninja Tables Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23504 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 86a45ee34ff9 Credits emad Required privilege...
CVE-2023-28749
Cross-Site Request Forgery CSRF vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin = 1.3.0 versions...
CVE-2023-28749
Cross-Site Request Forgery CSRF vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin = 1.3.0 versions...
CVE-2023-28749
CVE-2023-28749 : CSRF vulnerability in CM On Demand Search And Replace (WordPress plugin)
CVE-2023-28749 WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin = 1.3.0 versions...