22 matches found
EUVD-2024-0892
Malicious code in bioql PyPI...
CVE-2025-8678
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-8678
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-8678
The CVE-2025-8678 entry concerns the WordPress WP Crontrol plugin. Affected versions 1.17.0–1.19.1 expose a blind Server-Side Request Forgery via wp_remote_request() that can be exploited by authenticated administrators or higher to issue web requests from the WordPress host to arbitrary external...
CVE-2025-8678 WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
WordPress WP Crontrol plugin 1.17.0-1.19.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crontrol versions 1.17.0-1.19.1...
WordPress plugin WP Crontrol 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
GHSA-35C5-67FM-CPCP WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery
Impact The WP Crontrol plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the wpremoterequest function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
PT-2025-33892 · WordPress · Wp Crontrol
Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1 Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp remote request function. This allows authenticated attackers with Administrator-level access...
CVE-2024-28850
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
MAL-2024-12105 Malicious code in wp-crontrol (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11dbd6b64c95e1656b934ea5eb5777054646b14af3e48acd8ea85546f3a0a930 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the WP Crontrol plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the WP Crontrol plugin of the WordPress content management system is related to the loading of code without checking its integrity. Exploiting this vulnerability can allow a hacker to execute arbitrary code...
GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...
CVE-2024-28850
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
CVE-2024-28850
WP Crontrol for WordPress can enable remote code execution if an attacker chains it with another vulnerability (e.g., a writeable SQLi or arbitrary wp_options updates) that grants control over PHP cron event parameters. The issue is not in the feature itself, but in how a pre-condition could allo...
WordPress plugin WP Crontrol 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...