CVE-2024-0961
CVE-2024-0961 : The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to 1.58.1 due to insufficient input sanitization and output escaping. The issue allows authenticated attackers with contributor+ privileges to inj...
WordPress plugin SiteOrigin Widgets Bundle security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. A WordPress plugin is an application extension that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...
SiteOrigin Widgets Bundle < 1.58.2 - Contributor+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor access or higher to perform Stored XSS attacks...
kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
A flaw was found in the Linux kernel's XFRM subsystem (the IP framework for transforming packets). An error while resolving policies in xfrm_bundle_lookup causes the refcount to be dropped twice, leading to a possible crash and a denial of service...
CVE-2024-23646
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...
SQL injection
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...
CVE-2024-23646
Pimcore Admin Classic Bundle (1.x) before 1.3.2 contains an SQL Injection in the selectedIds parameter used by the admin asset download flow (download-as-zip-add-files). Any backend user with basic permissions can execute arbitrary SQL and escalate to admin-level access. The fix is in 1.3.2. Affe...
CVE-2024-23646 Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...
CVE-2024-23648
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a unique token, valid for 24 hours, allowing the user to res...
CVE-2024-23648
Summary (CVE-2024-23648) Pimcore Admin Classic Bundle is vulnerable to Host Header Injection in the password-reset flow. Before version 1.2.3, the reset URL was crafted using the request’s Host header, enabling an attacker-controlled domain to appear in the password-reset link sent by email. If a...
CVE-2024-23648 Pimcore Admin Classic Bundle host header injection in the password reset
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a unique token, valid for 24 hours, allowing the user to res...
PT-2024-19999
Name of the Vulnerable Software and Affected Versions: Pimcore's Admin Classic Bundle versions prior to 1.2.3. Description: The password reset functionality in Pimcore's Admin Classic Bundle sends an email to the user requesting a password change with a URL containing a unique token, valid for 24...
CVE-2023-51210
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the idproduct parameter in the UpdateProductQuantity function...
Webkul Bundle SQL Injection Vulnerability
Webkul Bundle is an add-on for the Marketplace module from Webkul, Inc. A SQL injection vulnerability exists in Webkul Bundle version 6.0.1 that originates from allowing remote attackers to execute arbitrary code via the idproduct parameter in the UpdateProductQuantity function...
PT-2024-14072 · Webkul · Webkul Bundle Product
Name of the Vulnerable Software and Affected Versions: Webkul Bundle Product version 6.0.1. Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the id_product parameter in the UpdateProductQuantity function. Recommendations: For Webkul Bundle Product version...
CVE-2023-51210
CVE-2023-51210 affects Webkul Bundle Product 6.0.1. The vulnerability is a SQL injection in the UpdateProductQuantity function triggered by the id_product parameter, enabling a remote attacker to execute arbitrary code. The NVD and Red Hat entries describe the same issue with a high/severe impact...