Security Bulletin: IBM Event Processing is vulnerable to Improper Input Validation due to the PostCSS (CVE-2023-44270).

Summary Operator of IBM Event Processing is vulnerable to Improper Input Validation due to the postcss-8.4.21.tgz before 8.4.31. PostCSS is a tool for transforming CSS with JavaScript plugins and this is a dev dependency used by Event Processing Team. CVE-2023-44270. Vulnerability Details...

CVE-2022-40700

Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

CVE-2022-40700

Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

PT-2024-11631 · Agence Press · Css Adder By Agence-Press

Name of the Vulnerable Software and Affected Versions: Montonio for WooCommerce versions 6.0.1 and earlier Wpopal Core Features versions 1.5.8 and earlier ArcStone wp-amo versions 4.6.6 and earlier WooVirtualWallet – A virtual wallet for WooCommerce versions 2.2.1 and earlier WooVIP – Membership...

WordPress plugin Admin CSS MU code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-20676)

Summary Bootstrap is used by IBM Storage Ceph as a CSS framework. CVE-2018-20676 This bulletin identifies the steps to take to address the vulnerability in Bootstrap. Vulnerability Details CVEID: CVE-2018-20676 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-14041)

Summary Bootstrap is used by IBM Storage Ceph as a CSS framework. CVE-2018-14041 This bulletin identifies the steps to take to address the vulnerability in Bootstrap. Vulnerability Details CVEID: CVE-2018-14041 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper...

CVE-2023-51464 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

JS & CSS Script Optimizer <= 0.3.3 - Cross-Site Request Forgery

Description The JS & CSS Script Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.3.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform and unauthorized...

CVE-2023-6699

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVE-2023-6699

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

WordPress Plugin Export WP Page to Static HTML/CSS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-52216

Cross-Site Request Forgery CSRF vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3...

CVE-2023-52216

Cross-Site Request Forgery CSRF vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3...

CVE-2023-52216 WordPress JS & CSS Script Optimizer Plugin <= 0.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3...

CVE-2023-52216

CVE-2023-52216 concerns the WordPress plugin JS & CSS Script Optimizer . Public sources in the connected set confirm a CSRF vulnerability affecting versions up to and including 0.3.3, with unauthenticated attackers able to coerce an authenticated site administrator to perform a forged action. The...

PT-2024-14480 · Unknown · Js & Css Script Optimizer

Name of the Vulnerable Software and Affected Versions: JS & CSS Script Optimizer versions 0.3.3 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the JS & CSS Script Optimizer. This type of issue allows an attacker to trick a user into performing unintended actions on a web...

WordPress Plugin JS & CSS Script Optimizer Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2023-52121

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...