3319 matches found
CVE-2023-46070 WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions...
PT-2023-29823 · Emmanuel Georjon · Eg-Attachments
Name of the Vulnerable Software and Affected Versions: Emmanuel GEORJON EG-Attachments plugin versions <= 2.1.3. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them ...
Vulnerabilities in Best Practical RT fixed
Vulnerabilities have been fixed in Best Practical Request Tracker (RT). The vulnerabilities allow an unauthenticated malicious person to impersonate an RT user and to download specific email attachments. Best Practical has released updates to fix the vulnerabilities in RT. Fo...
CVE-2023-4933
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
Code injection
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4933 WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4933
CVE-2023-4933 affects WP Job Openings WordPress plugin
CVE-2023-45651
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery. This issue affects WP Attachments: from n/a through 5.0.11...
CVE-2023-45651 WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery. This issue affects WP Attachments: from n/a through 5.0.11...
CVE-2023-45651
CVE-2023-45651 concerns the WordPress plugin WP Attachments. The vulnerability is a Cross-Site Request Forgery (CSRF) that affects WP Attachments versions up to and including 5.0.11. A fix exists in version 5.0.12. Multiple connected sources corroborate the CSRF impact and the vendor-provided p...
WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: EG-Attachments; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46070; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 04006798b0e0; Credits: Le Ngoc Anh; Required...
WordPress plugin WP Attachments Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-31170 · WordPress · Wp Job Openings
Name of the Vulnerable Software and Affected Versions: WP Job Openings WordPress plugin versions prior to 3.4.3. Description: The issue allows unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled, due to the plugin not blocking the...
WordPress plugin WP Job Openings Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...
Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
Description: The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. PoC...
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...