13 matches found
EUVD-2024-54141
Malicious code in bioql PyPI...
EUVD-2024-54142
Malicious code in bioql PyPI...
CVE-2024-12035
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cswidgetfiledelete function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to dele...
CVE-2024-12036
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-12036 CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-12036
CVE-2024-12036 affects the WordPress CS Framework plugin (CS Framework) with Arbitrary File Read via get_widget_settings_json() in versions up to 6.9 (and tracked in later advisories as <= 7.1). The vulnerability requires at least subscriber-level authentication and allows reading arbitrary se...
CVE-2024-12036 CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-12035 CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cswidgetfiledelete function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to dele...
CVE-2024-12035 CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cswidgetfiledelete function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to dele...
WordPress plugin CS Framework path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress plugin CS Framework security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress CS Framework plugin <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin CS Framework versions <= 7.1...
WordPress CS Framework plugin <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin CS Framework versions <= 7.0...