637 matches found
WordPress plugin Consensu.Io security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Buy Me a Coffee security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-48273
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website. This issue affects Preloader for Website: from n/a through 1.2.2...
WordPress plugin Welcart e-Commerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-31283
Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2...
CVE-2024-32798
CVE-2024-32798 is a Missing Authorization vulnerability in the WordPress plugin WP Travel Engine, affecting WP Travel Engine versions from n/a up to and including 5.8.0. The connected enrichment and Red Hat/WordPress records reference a price manipulation impact associated with this vulnerability...
WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability
WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Custom Font Uploader versions <= 2.3.4...
CVE-2024-3761
In lunary-ai/lunary, version 1.2.2 contains an unauthorized deletion vulnerability on the DELETE endpoint at packages/backend/src/api/v1/datasets due to missing authorization/authentication. This allows any user (no token required) to delete a dataset, potentially causing data loss or service dis...
WordPress Password Protected plugin <= 2.6.6 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Password Protected versions <= 2.6.6...
Acronis Cyber Protect security vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, cybersecurity and endpoint management features such as vulnerability assessment, URL filtering, patch management, and more. A security vulnerability...
CVE-2024-2838
CVE-2024-2838 affects WPC Composite Products for WooCommerce (WordPress) up to version 7.2.7, enabling Stored Cross-Site Scripting via the wooco_components[0][name] parameter due to insufficient input sanitization/output escaping and missing authorization on ajax_save_components. The vulnerabilit...
PT-2024-18176 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0. Description: An Insecure Direct Object Reference (IDOR) vulnerability exists, allowing unauthorized deletion of any organization's project. The issue is due to insufficient authorization checks in the project...
WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...
CVE-2024-25643
The SAP Fiori app My Overtime Request - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to...
PT-2024-10361 · Drupal · Drupal Entity Delete Log
Name of the Vulnerable Software and Affected Versions: Drupal Entity Delete Log versions 0.0.0 through 1.1.1. Description: The issue is related to a lack of authorization in the Drupal Entity Delete Log, which allows for forceful browsing. This can enable a remote attacker to bypass security...
PT-2024-14841 · WordPress · Demomentsomtres Wordpress Export Posts With Images
Name of the Vulnerable Software and Affected Versions: DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825. Description: The issue allows any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as wel...
PT-2024-14858 · WordPress · Eazydocs
Name of the Vulnerable Software and Affected Versions: EazyDocs WordPress plugin versions prior to 2.3.6. Description: The issue allows unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections, due to the lack of authorization and CSRF checks when handling...
CVE-2023-6955
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...
CVE-2024-21736
SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...
CVE-2023-6529
The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...