2434 matches found

Positive Technologies
added 2022/11/14 12:0 a.m. · 3 views

PT-2022-16711 · WordPress · Resmush.It

Name of the Vulnerable Software and Affected Versions: reSmush.it plugin versions prior to 0.4.4
Description: The issue concerns a lack of authorization in various AJAX actions within the reSmush.it plugin, allowing any logged-in users, such as subscribers, to call these actions.
Recommendations:...

4.3 CVSS · 7.2 AI score · 0.00248 EPSS
Exploits: 2 · References: 5

Snyk
added 2022/11/08 11:0 p.m. · 1 view

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure. When a timeout occurs under a high load, it can cause incorrect data to be returned as the result of an asynchronously executed query. Notes: 1 This vulnerability only affects applications that communicate with...

5.8 CVSS · 7.2 AI score · 0.00189 EPSS
Exploits: 0 · References: 2

CNNVD
added 2022/11/07 12:0 a.m. · 4 views

WordPress plugin Product Stock Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

4.3 CVSS · 5.1 AI score · 0.00126 EPSS
Exploits: 2 · References: 2

OSV
added 2022/11/03 8:15 p.m. · 1 view

CVE-2022-42749

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

6.1 CVSS · 5.9 AI score · 0.02714 EPSS
Exploits: 1 · References: 2

ATTACKERKB
added 2022/11/03 5:15 p.m. · 1 view

CVE-2022-2696

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...

6.5 CVSS · 6.6 AI score · 0.00188 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2022/11/03 12:0 a.m. · 5 views

PT-2022-24056 · WordPress · The Restaurant Menu – Food Ordering System – Table Reservation

Name of the Vulnerable Software and Affected Versions: The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress versions up to, and including, 2.3.1
Description: The issue is due to missing or incorrect nonce validation on several functions called via AJAX actions, such...

8.8 CVSS · 8.5 AI score · 0.00746 EPSS
Exploits: 0 · References: 5

OSV
added 2022/10/31 4:15 p.m. · 2 views

CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2022/10/31 12:0 a.m. · 4 views

PT-2022-15023 · WordPress · Newspaper

Name of the Vulnerable Software and Affected Versions: Newspaper WordPress theme versions prior to 12
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized before being outputted back in an HTML attribute via an AJAX...

6.1 CVSS · 6 AI score · 0.00496 EPSS
Exploits: 2 · References: 4

CNNVD
added 2022/10/31 12:0 a.m. · 2 views

WordPress theme Newspaper cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in versions of WordPress theme Newspaper prior to 12, whi...

6.1 CVSS · 6 AI score · 0.22099 EPSS
Exploits: 2 · References: 2

CNNVD
added 2022/10/31 12:0 a.m. · 3 views

WordPress theme Newspaper cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in versions of WordPress theme Newspaper prior to 12, whi...

6.1 CVSS · 6 AI score · 0.00496 EPSS
Exploits: 2 · References: 2

OSV
added 2022/10/28 7:19 p.m. · 27 views

GHSA-HFF2-X2J9-GXGV Keylime: unhandled exceptions could lead to invalid attestation states

Impact: This vulnerability creates a false sense of security for keylime users -- i.e. a user could query keylime and conclude that a particular node/agent is correctly attested, while attestations are not in fact taking place. Short explanation: the keylime verifier creates periodic reports on th...

8.2 CVSS · 4.9 AI score · 0.00117 EPSS
Exploits: 0 · References: 13

Github Security Blog
added 2022/10/28 7:19 p.m. · 18 views

Keylime: unhandled exceptions could lead to invalid attestation states

Impact: This vulnerability creates a false sense of security for keylime users -- i.e. a user could query keylime and conclude that a particular node/agent is correctly attested, while attestations are not in fact taking place. Short explanation: the keylime verifier creates periodic reports on th...

5.1 CVSS · 4.9 AI score · 0.00117 EPSS
Exploits: 0 · References: 13 · Affected Software: 1

CNNVD
added 2022/10/25 12:0 a.m. · 2 views

WordPress plugin Blog2Social code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Blog2Social version before 6.9.10...

6.5 CVSS · 6.8 AI score · 0.00189 EPSS
Exploits: 2 · References: 2

CNNVD
added 2022/10/19 12:0 a.m. · 3 views

OpenCats code issue vulnerability

OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats v0.9.6, which stems from a security issue in the ajax function of getDataGridPager. No detailed vulnerability details are available at this time...

9.8 CVSS · 6.7 AI score · 0.16353 EPSS
Exploits: 2 · References: 3

Spring Engineering
added 2022/10/11 7:32 a.m. · 21 views

Embracing Virtual Threads

Project Loom has made it into the JDK through JEP 425. It's available since Java 19 in September 2022 as a preview feature. Its goal is to dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. Where Virtual Threads make sense This makes...

7.1 AI score
Exploits: 0

Positive Technologies
added 2022/10/10 12:0 a.m. · 2 views

PT-2022-20811 · WordPress · Integration For Billingo & Gravity Forms +2

Name of the Vulnerable Software and Affected Versions:
Woo Billingo Plus WordPress plugin versions prior to 4.4.5.4
Integration for Billingo & Gravity Forms WordPress plugin versions prior to 1.0.4
Integration for Szamlazz.hu & Gravity Forms WordPress plugin versions prior to 1.2.7
Description: T...

7.1 CVSS · 6.7 AI score · 0.00176 EPSS
Exploits: 2 · References: 3

OSV
added 2022/10/03 2:15 p.m. · 3 views

UBUNTU-CVE-2022-2839

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...

5.4 CVSS · 5.8 AI score · 0.00244 EPSS
Exploits: 2 · References: 3

CNNVD
added 2022/09/26 12:0 a.m. · 3 views

WordPress plugin WP Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress WP Popup Builder...

4.3 CVSS · 5 AI score · 0.00076 EPSS
Exploits: 2 · References: 3

Kitploit
added 2022/09/25 11:30 a.m. · 32 views

PSAsyncShell - PowerShell Asynchronous TCP Reverse Shell

PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool...

7.5 AI score
Exploits: 0 · References: 1

CNNVD
added 2022/09/19 12:0 a.m. · 2 views

WordPress plugin BadgeOS SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.8 CVSS · 8 AI score · 0.00701 EPSS
Exploits: 2 · References: 2