10512 matches found

CNNVD
added 2023/11/22 12:0 a.m. · 6 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS: 4.3 · AI score: 8.3 · EPSS: 0.00395
Exploits: 0 · References: 3

CNNVD
added 2023/11/22 12:0 a.m. · 4 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 4.3 · AI score: 8.7 · EPSS: 0.00403
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/22 12:0 a.m. · 4 views

PT-2023-32091 · WordPress · Funnelforms

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4
Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify the Funnelforms category for a given post ID due to a missing...

CVSS: 4.3 · AI score: 5.3 · EPSS: 0.00395
Exploits: 0 · References: 4

CNNVD
added 2023/11/22 12:0 a.m. · 3 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 4.3 · AI score: 8.6 · EPSS: 0.00403
Exploits: 0 · References: 3

CNNVD
added 2023/11/22 12:0 a.m. · 4 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 6.5 · AI score: 8.6 · EPSS: 0.00408
Exploits: 2 · References: 3

Positive Technologies
added 2023/11/22 12:0 a.m. · 4 views

PT-2023-32085 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4
Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization due to a missing capability check ...

CVSS: 4.3 · AI score: 5.3 · EPSS: 0.00403
Exploits: 0 · References: 4

CNNVD
added 2023/11/22 12:0 a.m. · 3 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 4.3 · AI score: 8.6 · EPSS: 0.00395
Exploits: 0 · References: 3

CNNVD
added 2023/11/22 12:0 a.m. · 2 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 4.3 · AI score: 8.8 · EPSS: 0.00395
Exploits: 0 · References: 3

GitHub Security Blog
added 2023/11/20 9:1 p.m. · 26 views

Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries

Impact: A CSRF vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00365
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2023/11/20 7:15 p.m. · 19 views

CVE-2023-48293

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...

CVSS: 8.8 · EPSS: 0.00365
Exploits: 0 · References: 3

Prion
added 2023/11/20 7:15 p.m. · 16 views

Cross-site request forgery (CSRF)

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...

CVSS: 6.8 · AI score: 7.1 · EPSS: 0.00365
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/11/20 12:0 a.m. · 5 views

Admin Tools Application Cross-Site Request Forgery Vulnerability

Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which stems from a vulnerability that allows arbitrary database queries to be performed on...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00365
Exploits: 0 · References: 4

CNNVD
added 2023/11/16 12:0 a.m. · 2 views

Microsoft Edge Security Breach

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in versions prior to Microsoft Edge 119.0.2151.72, which stems from a fraud vulnerability in the software that could be exploited by an attacker to potentially...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.00803
Exploits: 0 · References: 2

BDU FSTEC
added 2023/11/15 12:0 a.m. · 6 views

The vulnerability of the web server of Delta Electronics’ DX-3021L9 microprogrammed router software arises from insufficient validation of input data. This allows attackers to add, modify, or delete data.

The vulnerability of the web server of the microprogrammed routing software from Delta Electronics DX-3021L9 exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to add, modify, or delete data...

CVSS: 9.4 · AI score: 7.8 · EPSS: 0.04757
Exploits: 1 · References: 3 · Affected Software: 1

0day.today
added 2023/11/14 12:0 a.m. · 654 views

WordPress Contact Form To Any API 1.1.2 SQL Injection Vulnerability

WordPress Contact Form to Any API plugin version 1.1.2 suffers from a remote SQL injection vulnerability.
Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection
Exploit Author: Arvandy
Software Link: https://wordpress.org/plugins/contact-form-to-any-api/
Vendor Homepage:...

CVSS: 7.2 · AI score: 7.4 · EPSS: 0.00557
Exploits: 2

OSV
added 2023/11/13 1:15 p.m. · 2 views

CVE-2023-6097

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing t...

CVSS: 8.8 · AI score: 5.7 · EPSS: 0.00803
Exploits: 0 · References: 1

Packet Storm
added 2023/11/13 12:0 a.m. · 504 views

WordPress Contact Form To Any API 1.1.2 SQL Injection

Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection
Date: 12-11-2023
Exploit Author: Arvandy
Software Link: https://wordpress.org/plugins/contact-form-to-any-api/
Vendor Homepage: https://www.itpathsolutions.com/
Version: 1.1.2
Tested on: Windows, Linux
CVE: CVE-2023-32741...

CVSS: 7.2 · AI score: 6.9 · EPSS: 0.00557
Exploits: 2

BDU FSTEC
added 2023/11/13 12:0 a.m. · 6 views

The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain access to read data or modify data.

The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain read access to data or modify data using HTTP...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00377
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/11/10 6:15 p.m. · 23 views

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

CVSS: 9.1 · EPSS: 0.00776
Exploits: 1 · References: 2

OSV
added 2023/11/10 11:6 a.m. · 3 views

OESA-2023-1814 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK:...

CVSS: 5.3 · AI score: 5.5 · EPSS: 0.014
Exploits: 0 · References: 3