44 matches found
AnythingLLM link following vulnerability
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a link-following vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...
GHSA-Q5PP-GVJG-H7V4 Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
Summary: Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.read_text, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...
EUVD-2025-204782
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...
EUVD-2021-11246
Malware in sbrugna...
EUVD-2024-43369
Malicious code in bioql PyPI...
CVE-2024-49306
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click (wp-content-copy-protector) allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9...
CVE-2021-24333
The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, nor perform any validation and sanitisation on them, allowing attackers to make a logged-in administrator set arbitrary XSS payloads in them...
CVE-2024-6693 WP Content Copy Protection & No Right Click (premium) <= 15.0 - Admin+ Stored XSS
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-6690 WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect
The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites...
CVE-2024-49306
Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9...
CVE-2024-49306
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click (wp-content-copy-protector) allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9...
CVE-2024-49306
WP Content Copy Protection & No Right Click (WordPress plugin)
CVE-2024-49306 WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click (wp-content-copy-protector) allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9...
WordPress plugin WP Content Copy Protection & No Right Click cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2024-33445 · WordPress · Wp Content Copy Protection & No Right Click
Name of the Vulnerable Software and Affected Versions: WP Content Copy Protection & No Right Click versions 3.5.9 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the WP Content Copy Protection & No Right Click plugin. This allows for Cross Site Request Forgery...
WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin WP Content Copy Protection & No Right Click (versions <= 3.5.9)...
WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Content Copy Protection & No Right Click; Type: Plugin; Vulnerable versions: <= 3.5.9; Fixed in: 3.6.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-49306; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 2fc979b85a6d...
CVE-2023-36678
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions...
CVE-2023-36678
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions...
CVE-2023-36678
CVE-2023-36678 affects the WordPress plugin WP Content Copy Protection & No Right Click up to version 3.5.5. It is an authenticated Stored XSS vulnerability (admin+ required) through the plugin, with low impact to confidentiality/integrity and no impact to availability per the cited sources. A fi...