5 matches found
EUVD-2024-54142
Malicious code in bioql PyPI...
CVE-2024-12035
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cswidgetfiledelete function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to dele...
CVE-2024-12036
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-12036 CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-12036
CVE-2024-12036 affects the WordPress CS Framework plugin (CS Framework) with Arbitrary File Read via get_widget_settings_json() in versions up to 6.9 (and tracked in later advisories as <= 7.1). The vulnerability requires at least subscriber-level authentication and allows reading arbitrary se...