7 matches found
CVE-2025-13085
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...
CVE-2025-13085
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...
CVE-2025-13085 SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...
Billing Management System SQL Injection Vulnerability
Billing Management System is a simple web application for managing customer billing for electricity supplier companies. A SQL injection vulnerability exists in Billing Management System v1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of...
Cross-site Scripting (XSS) - Stored in bytefury/crater
✍️ Description Stored xss using customer billing address 🕵️♂️ Proof of Concept 1. First goto demo app https://demo.craterapp.com/admin/customers/create and create a customer . During creation put bellow xss payload in billing address field and save it . Now see xss is executed payload -- xss"'...
Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket
Organizations continue to leak data through publicly accessible Amazon S3 buckets, pointing a harsh finger at continued lax attitudes toward the custodianship of sensitive data. Verizon is the latest business affected by this epidemic, leaking in this case files marked confidential from an intern...
ACC/Ericsson Tigris Accounting Failure
The Tigris is a high-density router/remote-access platform, currently a product of Ericsson, more information on it can be found at: http://www.ericsson.com/datacom/products/wanaccess/tigris/index.shtml There appears to be a bug in the Tigris operating system software that causes Radius accountin...