WordPress Plugin GTG Product Feed for Shopping Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15181 · WordPress · The Lightstart – Maintenance Mode
Name of the Vulnerable Software and Affected Versions: The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress versions up to, and including, 2.6.8. Description: The issue is related to a missing capability check on the insert template function, allowing...
WordPress Plugin Gallery Plugin for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actor...
CVE-2023-6158
CVE-2023-6158 (EventON WordPress Plugin) : The vulnerability arises from a missing capability check in evo_eventpost_update_meta, allowing unauthenticated attackers to update and remove arbitrary post metadata. Affected are EventON Pro (versions <= 4.5.4) and EventON (free) (versions
CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
VulnCheck KEV: CVE-2023-6875
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
Sql injection
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
CVE-2023-6921
CVE-2023-6921 refers to a blind SQL injection vulnerability in the PrestaShop addon “PrestaShow Google Integrator.” The issue arises from command insertion in a cookie, enabling data extraction and data modification. Affected software is the PrestaShow Google Integrator for PrestaShop; a known fi...
CVE-2024-22216
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
Information disclosure
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
CVE-2024-22216
CVE-2024-22216 affects Microchip maxView Storage Manager (Adaptec Smart Storage Controllers). The vulnerability resides in the Redfish server handling in versions 3.00.23484 through 4.14.00.26064, with older builds prior to 3.07.23980 and 4.07.00.25339 also affected. The issue allows unauthorized...
PT-2024-1075 · Microchip · Maxview Storage Manager
Name of the Vulnerable Software and Affected Versions: Microchip maxView Storage Manager versions 3.00.23484 through 4.14.00.26064; Microchip maxView Storage Manager versions prior to 3.07.23980; Microchip maxView Storage Manager versions prior to 4.07.00.25339. Description: The issue is related to...
Local Delivery Drivers for WooCommerce < 1.9.1 - Missing Authorization to Driver Account Takeover
Description: The Local Delivery Drivers for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'lddfweditdriverservice' function in all versions up to, and including, 1.9.0. This makes it possible for...
LightStart < 2.6.9 - Subscriber+ Page design Update
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the inserttemplate function, allowing authenticated attackers, with subscriber-level access and above, to change page designs...
ProjectHuddle Client Site < 1.0.35 - Missing Authorization via ph_child_ajax_notice_handler
Description: The ProjectHuddle Client Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ph_child_ajax_notice_handler' function in versions up to, and including, 1.0.34. This makes it possible for authenticated attackers, with...
Molongui < 4.7.4 - Missing Authorization
Description: The Molongui plugin for WordPress is vulnerable to unauthorized modification and access of data due to missing capability checks on the authorshipexportoptions and authorshipsaveoptions functions hooked via AJAX in versions up to, and including, 4.7.3. This makes it possible for...