2405 matches found
CVE-2025-22784
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal. This issue affects Background Control: from n/a through <= 1.0.5...
CVE-2025-22784 WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal. This issue affects Background Control: from n/a through <= 1.0.5...
WordPress plugin Background Control cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Background Control versions <= 1.0.5...
CVE-2024-12327
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-12327 LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-12327
CVE-2024-12327 concerns the LazyLoad Background Images WordPress plugin. The vulnerability is a missing capability check in pblzbg_save_settings(), allowing authenticated attackers with Subscriber-level access and above to modify the plugin’s settings. Affected versions are all up to and includin...
WordPress LazyLoad Background Images plugin <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability discovered by Mika in WordPress Plugin LazyLoad Background Images versions <= 1.0.7...
PT-2025-3813 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 17.5.5; GitLab CE/EE versions 17.6 through 17.6.3; GitLab CE/EE versions 17.7 through 17.7.1. Description: An issue has been discovered in GitLab CE/EE where under certain conditions, processing of CI artifacts...
CVE-2024-12754
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
CVE-2024-12754
CVE-2024-12754 affects AnyDesk. The flaw is in how background images are handled; by creating a junction, a local attacker can abuse the service to read arbitrary files and disclose stored credentials. Affected behavior requires low-privilege code execution on the target and results in informatio...
Exploit for Cross-site Scripting in Squidex.Io Squidex
CVE-2023-24278 - Reflected XSS Vulnerabilities in Squidex...
CVE-2024-11775 Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Particle Background cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-17249 · WordPress · Particle Background
Name of the Vulnerable Software and Affected Versions: Particle Background plugin for WordPress versions up to, and including, 1.0.2. Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode due to insufficie...
WordPress Particle Background plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Particle Background versions <= 1.0.2...
CVE-2024-55089
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities...