9293 matches found
The vulnerability in the `inc/csv.php` script of the WordPress Automatic Plugin, a content management system for WordPress websites, allows attackers to execute arbitrary SQL code.
The vulnerability in the inc/csv.php script of the WordPress Automatic Plugin, a content management system for WordPress websites, relates to the failure to protect the SQL query structure during the processing of the $q variable, as a result of the authentication mechanism being bypassed...
The vulnerability of the downloader.php plugin of the WordPress Automatic Plugin system for website content management allows an attacker to perform an SSRF attack.
The vulnerability of the downloader.php plugin in the WordPress Automatic Plugin system for website content management involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...
Multiple vulnerabilities in RoamWiFi R10
Overview RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-31406 Insertion of sensitive information into log file CWE-532 - CVE-2024-32051 Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities...
VulnCheck KEV: CVE-2024-27956
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic through 3.92.0...
PT-2024-24245 · Rapid7 · Rapid7 Platform
Name of the Vulnerable Software and Affected Versions: Rapid7 Platform affected versions not specified Description: A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access t...
CVE-2024-32693
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0...
CVE-2024-32693 WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0...
CVE-2024-32693 WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0...
CVE-2024-32693
CVE-2024-32693 is a CSRF vulnerability in the WordPress Automatic Plugin (ValvePress Automatic) affecting versions prior to 3.93.0. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L with a base score of 7.6 (HIGH). Impact: confidentiality is Low, integrity is High, ava...
WordPress plugin Automatic cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
ROS-20240422-05
The golang package vulnerability is related to errors returned from MarshalJSON methods containing data controlled by the user. Exploitation of the vulnerability could allow a remote attacker to exploit these errors to disrupt the contextual behavior of the automatic output of the packag...
WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
Multiple Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Automatic versions 3.93.0...
WordPress Automatic Plugin < 3.93.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Automatic Type Plugin Vulnerable versions 3.93.0 Fixed in 3.93.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 83f469455e38 Credits Rafie Muhammad Patchstack...
CVE-2024-26873
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: 4613.652388...
CVE-2024-26873
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: 4613.652388...
CVE-2024-26873
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: 4613.652388...
CVE-2024-26873 scsi: hisi_sas: Fix a deadlock issue related to automatic dump
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: 4613.652388...
CVE-2024-26873 scsi: hisi_sas: Fix a deadlock issue related to automatic dump
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: 4613.652388...
Fedora: Security Advisory (FEDORA-2024-4aef1d6ece)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...