11 matches found
Microsoft SQL Server 2022 Missing Log Entry
Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVER_PERMISSION_CHANGE_GROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...
WordPress MAS Static Content plugin <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure vulnerability
Authenticated (Contributor+) Private Static Content Page Disclosure vulnerability discovered by emad in WordPress Plugin MAS Static Content versions <= 1.0.8...
WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability
Sensitive Information via Imported File vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Import and export users and customers versions <= 1.26.8...
WordPress Import and export users and customers Plugin <= 1.26.8 is vulnerable to Sensitive Data Exposure
Software: Import and export users and customers; Type: Plugin; Vulnerable versions: <= 1.26.8; Fixed in: 1.26.9; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-38787; Patch priority: Low; CVSS severity: Low 7.5; Developer: Codection; PSID: a113b5766398; Credits: emad...
WordPress WordPress File Upload plugin <= 4.24.7 - Broken Access Control + CSRF vulnerability
Broken Access Control + CSRF vulnerability discovered by emad Patchstack Alliance in WordPress Plugin WordPress File Upload versions <= 4.24.7...
WordPress Advanced File Manager plugin <= 5.2.4 - Sensitive Information Exposure via Directory Listing vulnerability
Sensitive Information Exposure via Directory Listing vulnerability discovered by emad in WordPress Plugin Advanced File Manager versions <= 5.2.4...
WordPress Backup Migration plugin <= 1.4.3 - Sensitive Data Exposure via Log vulnerability
Sensitive Data Exposure via Log vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Backup Migration versions <= 1.4.3...
WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by emad Patchstack Alliance in WordPress Plugin BA Book Everything versions <= 1.6.8...
WordPress Advanced Cron Manager – debug & control plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Advanced Cron Manager – debug & control versions <= 2.5.2...
WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Responsive Lightbox versions <= 2.4.6...
Oracle DBMS_REDACT Dynamic Data Masking Bypass Vulnerability
Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c. Title: Bypassing DBMS_REDACT Dynamic Data Masking security feature in Oracle database system Product: Database Manufacturer: Oracle Affected...