613 matches found
PT-2024-15748 · WordPress · The Ninja Forms Contact Form – The Drag/Drop Form Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress versions up to, and including, 3.7.1 Description: The issue is related to Second Order SQL Injection via the email address value submitted throug...
GHSA-9RHQ-86FM-QXQC Duplicate Advisory: Hard-coded credentials in org.folio:mod-data-export-spring
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vf78-3q9f-92g3. This link is maintained to preserve external references. Original Description Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows...
CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687
CVE-2024-23687 affects the FOLIO module-data-export-spring. The issue arises from hard-coded credentials in the module, allowing unauthenticated access to critical APIs and enabling modification of user data, configurations (including single sign-on), and fees/fines. Affected versions are before ...
CVE-2024-23687 FOLIO mod-data-export-spring Hard-Coded Credentials
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687 FOLIO mod-data-export-spring Hard-Coded Credentials
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-22422
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
mod-data-export-spring Trust Management Issues Vulnerability
mod-data-export-spring is a FOLIO open source API for data export Spring modules. A security vulnerability exists in mod-data-export-spring versions prior to 1.5.4, 2.0.0 through 2.0.2, which stems from the use of hard-coded credentials...
PT-2024-19413 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: AnythingLLM versions prior to commit 08d33cfd8 Description: AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit...
CVE-2023-5905 DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...
CVE-2023-5905 DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...
PT-2024-14841 · WordPress · Demomentsomtres Wordpress Export Posts With Images
Name of the Vulnerable Software and Affected Versions: DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 Description: The issue allows any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as wel...
CVE-2023-7068
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprintpackinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export
Description The plugin does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts. PoC...
DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export
Description The plugin does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts...
CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
Command injection
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
CVE-2023-4724 WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
Exploit for CVE-2023-6289
CVE-2023-6289 Swift Performance Lite = 2.3.6.14 - Missing...