EUVD-2023-58860

Malicious code in bioql PyPI...

CVE-2023-6637

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVE-2023-6637

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

Design/Logic Flaw

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

CVE-2023-6637

CVE-2023-6637 affects the CAOS | Host Google Analytics Locally WordPress plugin. A missing capability check in the update_settings function (vulnerable through 4.7.14) allows unauthenticated attackers to modify plugin settings. The issue originates from broken access control in updating settings,...

CVE-2023-6637 CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

PT-2024-15038 · WordPress · Caos | Host Google Analytics Locally

Name of the Vulnerable Software and Affected Versions: CAOS | Host Google Analytics Locally plugin for WordPress versions up to, and including, 4.7.14 Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it...

WordPress Plugin CAOS | Host Google Analytics Locally Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin CAOS | Host Google Analyti...

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

Path traversal

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVE-2021-25020 CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVE-2021-25020

CVE-2021-25020 affects the WordPress plugin “CAOS | Host Google Analytics Locally” (versions prior to 4.1.9). The vulnerability arises because the plugin does not validate the cache directory setting, enabling high-privilege users to perform a path traversal during uninstall and delete arbitrary ...

PT-2022-9577 · WordPress · Caos | Host Google Analytics Locally

Name of the Vulnerable Software and Affected Versions: CAOS | Host Google Analytics Locally WordPress plugin versions prior to 4.1.9 Description: The issue allows high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin due to the lack of...

WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions = 4.1.8. Solution Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version at least 4.1.9...

CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin PoC As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes,...

CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...