WordPress 代码问题漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is one of the plugins used to completely uninstall WordPress. WordPress Plugin A code issue exists due to a missin...

PT-2021-22526 · Accesspress · Accesspress-Parallax +6

Name of the Vulnerable Software and Affected Versions: AccessPress Demo Importer versions 1.0.6 and earlier accesspress-basic versions 3.2.1 and earlier accesspress-lite versions 2.92 and earlier accesspress-mag versions 2.6.5 and earlier accesspress-parallax version 4.5 accesspress-root version...

WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. SQL injection vulnerability exists in versions prior to WordPress Poll Maker plugin 3.4.2, which stems from the plug...

Fedora: Security Advisory for python-pycares (FEDORA-2021-a48cf28c13)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.9.0 release and security update

Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

PT-2021-22549 · WordPress · Credova Financial

Name of the Vulnerable Software and Affected Versions: Credova Financial WordPress plugin versions up to, and including, 1.4.8 Description: The Credova Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a sit...

CVE-2021-24652

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values...

[SECURITY] Fedora 35 Update: python-pycares-4.0.0-5.fc35

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously...

WordPress plugin OMGF 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the OMGF...

PT-2021-22031

Name of the Vulnerable Software and Affected Versions Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.11 Description The Gutenberg Template Library & Redux Framework plugin registered several AJAX actions available to unauthenticated users in the includes function in...

[SECURITY] Fedora 33 Update: c-ares-1.17.2-1.fc33

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

The vulnerabilities of the implementations of functions based on the AJAX technology, such as motor_load_more(), motor_gallery_load_more(), motor_quick_view(), and motor_project_quick_view(), in the “Motor – Cars, Parts, Service, Equipments and Accessories” theme. This theme is part of the WooCommerce store and uses the WordPress content management system. These vulnerabilities allow an attacker to execute arbitrary PHP code or gain unauthorized access to protected information.

The vulnerability of implementations based on the AJAX technology—motorloadmore, motorgalleryloadmore, motorquickview, and motorprojectquickview—in the “Motor: Cars, Parts, Service, Equipment, and Accessories” theme. This vulnerability is related to shortcomings in path name restrictions for the...

The vulnerability of the commercial vBulletin web forum exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the commercial forum engine vBulletin exists due to the failure to address the issue of eliminating specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the ajax/render/widgettabbedcontainertabpanel request...

Wordpress Plugin Email Subscriber 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

[SECURITY] Fedora 34 Update: rust-asyncgit-0.16.3-3.fc34

Allow using git2 in a asynchronous context...

USN-5034-2: c-ares vulnerability

USN-5034-1 fixed a vulnerability in c-ares. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use...

USN-5034-1: c-ares vulnerability

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks...

libcares2 跨站脚本漏洞

libcares2 is a C library in the openSUSE project that performs DNS requests and name resolution asynchronously. A cross-site scripting vulnerability exists in libcares2 that stems from improper validation of hostname input...

CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

CVE-2021-24474

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting XSS Vulnerability...