16 matches found
EUVD-2019-6774
Malware in sbrugna...
EUVD-2024-51751
Malicious code in bioql PyPI...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-4838
CVE-2024-4838 - ConvertPlus (WordPress) : A PHP Object Injection exists in all versions up to 3.5.26 via deserialization of untrusted input from the settings_encoded attribute of the smile_modal shortcode. Exploitation requires at least contributor-level authentication; there is no POP chain by d...
WordPress Plugin ConvertPlus 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress ConvertPlus Plugin <= 3.5.26 is vulnerable to PHP Object Injection
Software ConvertPlus Type Plugin Vulnerable versions = 3.5.26 Fixed in 3.5.26.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4838 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a94dcf4ccf5a Credits haidv35 Required privilege Contributo...
WordPress ConvertPlus Plugin Input Validation Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ConvertPlus is a popup plugin used in it. A security vulnerability exists in WordPress ConvertPlus plugin versions prior to 3.4.5. No...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
Cross site request forgery (csrf)
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...