WordPress Page Parts Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Page Parts Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5273fd367a Credits vgo0 Required privileg...

WordPress Backup Migration Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure

Software Backup Migration Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-32686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6f8f6222b4f0 Credits emad...

WordPress WordPress Backup & Migration Plugin <= 1.4.3 is vulnerable to Broken Access Control

Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-52183 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e20ae588b69a Credits Abdi Pranata...

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...

UBUNTU-CVE-2018-1000888

PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...