PT-2024-34787 · WordPress · Amazon Associate Filter
Name of the Vulnerable Software and Affected Versions: Amazon Associate Filter versions 0.4 and earlier Description: A Cross-Site Request Forgery (CSRF) vulnerability allows Stored XSS attacks. This issue affects the Amazon Associate Filter plugin for WordPress. Remediation is crucial to safeguard...
CVE-2024-45461 Apache CloudStack Quota plugin: Access checks not enforced in Quota
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to acce...
PT-2024-9895 · GLPI +1 · Fields Plugin +1
Name of the Vulnerable Software and Affected Versions: Fields plugin for GLPI versions prior to 1.21.13 Description: The issue is related to a lack of protection against SQL injection attacks in the Fields plugin for GLPI. This allows an authenticated user to perform a SQL injection when the plug...
PT-2024-38637 · WordPress · Simple Headline Rotator
Name of the Vulnerable Software and Affected Versions: The Simple Headline Rotator WordPress plugin version 1.0 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Store...
PT-2024-30128 · DokuWiki · Indexmenu Plugin
Name of the Vulnerable Software and Affected Versions: indexmenu plugin version v2024-01-05 Description: A Cross-site Scripting (XSS) issue exists in the indexmenu plugin for DokuWiki. This allows an attacker to inject XSS payloads, for example, when creating or editing a page. The XSS is...
Vulnerabilities fixed in Docker Moby
A vulnerability has been fixed in Docker Moby. The vulnerability allows a malicious party to escalate privileges via an API request by bypassing a security measure. This vulnerability is only exploitable when using an AuthZ plugin to manage access rights. The Docker team has released an update to...
PT-2024-36388 · WordPress · Panda Video
Name of the Vulnerable Software and Affected Versions: Panda Video plugin for WordPress versions up to, and including, 1.4.0 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server via the selected button...
PT-2024-25437 · WordPress · Regenerate Post Permalink
Name of the Vulnerable Software and Affected Versions: Regenerate post permalink versions n/a through 1.0.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross-Site Scripting (XSS) in the Regenerate post permalink plugin. Recommendations: For versions n/a...
PT-2024-23403 · WordPress · WordPress Announcement & Notification Banner Plugin – Bulletin
Name of the Vulnerable Software and Affected Versions: WordPress Announcement & Notification Banner Plugin – Bulletin versions 3.8.5 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allo...
PT-2024-22186 · WordPress · WP Responsive Tabs Horizontal Vertical/Accordion Tabs
Name of the Vulnerable Software and Affected Versions: WP Responsive Tabs horizontal vertical and accordion Tabs versions 1.1.17 and earlier Description: The issue is related to improper neutralization of input during web page generation, which can lead to stored cross-site scripting (XSS). This...
PT-2024-5009 · OpenVPN +1 · OpenVPN +1
Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier Description: The issue is related to the unrestricted loading of plug-in files in OpenVPN on Windows. This allows an attacker to load an arbitrary plug-in, which can interact with the privileged OpenVPN...
CVE-2023-46241 Potential account take over due to unverified emails from Microsoft Identity Platform
discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attacker can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...
PT-2024-20003 · Discourse · Discourse AI
Name of the Vulnerable Software and Affected Versions: discourse-ai versions prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd Description: The discourse-ai plugin for the open-source discussion platform Discourse is affected by an issue where interactions with different AI services are...
PT-2024-14842 · WordPress · WP Custom Cursors
Name of the Vulnerable Software and Affected Versions: The WP Custom Cursors | WordPress Cursor Plugin versions through 3.2 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, fo...
PT-2023-30533 · WordPress · RegistrationMagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login versions n/a through 5.2.2.6 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions. The estimated...
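Several of the WordPress entries above (PT-2024-34787, PT-2024-38637, PT-2024-25437, PT-2023-30533 and, on the output side, PT-2024-14842) describe one recurring pattern: a privileged form handler that performs no nonce check, so a logged-in administrator who visits an attacker-controlled page submits the request on the attacker's behalf, and the stored value is later echoed without escaping. The PHP below is an added illustration and is not code from any of those plugins or from this database; the option names, action names and page slug are hypothetical. It places the vulnerable handler beside a hardened one that uses WordPress's own capability, nonce, sanitization and escaping APIs.

```php
<?php
/**
 * Added illustration (not code from any plugin listed on this page): a
 * WordPress admin-post handler that saves a banner message shown on the
 * front end. Option/action names and the page slug are hypothetical.
 *
 * Vulnerable pattern: no capability check, no nonce, raw input stored and
 * echoed unescaped. An administrator who is logged in and visits a page that
 * auto-submits
 *   <form action="https://victim.example/wp-admin/admin-post.php" method="post">
 *     <input name="action"  value="banner_save_vuln">
 *     <input name="message" value="<script>/* attacker payload */</script>">
 *   </form>
 * stores the payload, which then executes for every visitor: CSRF -> stored XSS.
 */
add_action('admin_post_banner_save_vuln', function () {
    // Accepts any POST that carries an authenticated admin's cookies, regardless of origin.
    update_option('banner_message_vuln', $_POST['message']);
    wp_safe_redirect(admin_url('options-general.php?page=banner-demo'));
    exit;
});
add_action('wp_footer', function () {
    // Stored value rendered without escaping on every front-end page.
    echo '<div class="banner">' . get_option('banner_message_vuln', '') . '</div>';
});

/**
 * Hardened pattern: the form carries a nonce, the handler checks capability
 * and nonce, sanitizes on input and escapes on output.
 */
function banner_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <?php wp_nonce_field('banner_save'); // emits _wpnonce bound to this action and the current user ?>
        <input type="hidden" name="action" value="banner_save">
        <input type="text" name="message"
               value="<?php echo esc_attr(get_option('banner_message', '')); ?>">
        <?php submit_button('Save'); ?>
    </form>
    <?php
}

add_action('admin_post_banner_save', function () {
    // 1. Authorization: only users allowed to manage options may reach this code.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.'), 403);
    }
    // 2. CSRF: dies unless _wpnonce is valid for the 'banner_save' action and this user,
    //    which a cross-origin auto-submitted form cannot supply.
    check_admin_referer('banner_save');
    // 3. Input sanitization: wp_kses_post() keeps only post-safe HTML, so <script>,
    //    on* event handlers and javascript: URLs never reach the database. This also
    //    limits what an administrator without unfiltered_html can store.
    $message = isset($_POST['message']) ? wp_kses_post(wp_unslash($_POST['message'])) : '';
    update_option('banner_message', $message);
    wp_safe_redirect(add_query_arg('updated', '1', admin_url('options-general.php?page=banner-demo')));
    exit;
});

add_action('wp_footer', function () {
    // 4. Output escaping at render time, so a stale or imported option value that
    //    bypassed step 3 still cannot execute.
    echo '<div class="banner">' . wp_kses_post(get_option('banner_message', '')) . '</div>';
});

// Settings page that renders the hardened form above.
add_action('admin_menu', function () {
    add_options_page('Banner demo', 'Banner demo', 'manage_options', 'banner-demo', 'banner_demo_render_form');
});
```

Drop the file into a plugin directory of a test WordPress install to compare the two handlers. The nonce check alone stops the cross-site submission; the capability check stops a low-privilege account from calling the handler directly; sanitization and output escaping are independent layers so that a value that slipped past one of them is still neutralized before it reaches a browser.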
PT-2023-8658 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Better PDF Exporter for Jira Server and Jira Data Center versions 10.3.0 and before Description: The issue is related to insufficient server-side request validation in the Better PDF Exporter plugin for Atlassian Jira Server and Data Center...
PT-2023-30402 · PKP-WAL · PKP-WAL
Name of the Vulnerable Software and Affected Versions: PKP-WAL versions prior to 3.3.0-16 and PKP-WAL versions prior to 3.4.0-3 Description: The issue arises from the failure to verify that a file named in an XML document, used for the native import/export plugin, is an image file before attempting t...
PT-2023-8914 · Grafana +1 · Grafana Worldmap Panel Plugin +1
Name of the Vulnerable Software and Affected Versions: Grafana WorldMap panel plugin versions prior to 1.0.4 Description: The issue is related to a DOM XSS vulnerability in the WorldMap panel plugin of the Grafana platform, which is caused by improper neutralization of input during webpage...
PT-2023-25713 · Unknown +1 · Uptime Kuma +1
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.22.1 Description: The issue allows an authenticated attacker to install a maliciously crafted plugin, potentially leading to remote code execution. Uptime Kuma permits authenticated users to install plugins fro...
PT-2023-25168 · Digital.ai +1 · Jenkins Digital.ai App Management Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Digital.ai App Management Publisher Plugin versions 2.6 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials...