43 matches found
CVE-2024-13675
The SlingBlocks – Gutenberg Blocks by FunnelKit Formerly WooFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Icon List" Block in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...
CVE-2024-12238
The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...
CVE-2024-11901
CVE-2024-11901 affects the WordPress PowerBI Embed Reports plugin (up to version 1.1.7). The vulnerability is Stored XSS via the MO_API_POWER_BI shortcode, caused by insufficient input sanitization and output escaping for user-supplied shortcode attributes. Authenticated attackers with contributo...
DEBIAN-CVE-2024-52946
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...
CVE-2024-52946
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...
UBUNTU-CVE-2024-52946
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...
LemonLDAP::NG 安全漏洞
LemonLDAP::NG is the LemonLDAP::NG open source suite of web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG versions prior to 2.20.1 that stems from the presence of an incorrect check that allows authenticated users to increase their authentication...
CVE-2024-52946
CVE-2024-52946 affects LemonLDAP::NG prior to 2.20.1. The issue is an improper check during session refresh, allowing an authenticated user to raise their authentication level when an adaptive authentication rule is configured with an increment instead of an absolute value. Impact per sources: ab...
CVE-2024-52946
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of the requiredaal setting in the authentication process. An attacker can bypass multi-factor authentication requirements by exploiting the incorrect storage of availableaal values in...
Ory Kratos 授权问题漏洞
Ory Kratos is a developer-friendly, secure, and proven cloud identity, user management, and authentication system from Ory Open Source. An authorization issue vulnerability exists in Ory Kratos versions prior to 1.3.0 that stems from the highestavailable setting incorrectly assuming that the...
General Electric D20 Password Recovery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module grabs the device configuration from a GE D20M RTU and parses the usernames and passwords from it. class MetasploitModule 'General Electric D20 Password...
PT-2024-27113 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Description: The issue is related to Stored Cross-Site Scripting via the Link To field of multiple widgets due to insufficient input sanitization and output...
WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Simple Membership < 4.4.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2024-2143 Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1414 Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-15900 · WordPress · The Beaver Builder
Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the button link parameter due to insufficient input sanitization and...
CVE-2024-1586 Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...