15 matches found
CVE-2025-12847 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint...
CVE-2025-4689
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion...
WordPress plugin OSS Upload 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-24897
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...
WordPress WP-Spreadplugin plugin <= 4.8.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin WP-Spreadplugin versions = 4.8.9...
CVE-2022-34560
A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...
EasyCorp EasyAdmin 跨站脚本漏洞
Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting vulnerability exists in EasyCorp EasyAdmin 4.8.9 and earlier versions, which stems from a cross-site scripting XSS vulnerability in Autocomplete's function Autocomplete ...
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...
PT-2023-31923 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 4.8.9 AI ChatBot plugin for WordPress version 4.9.2 Description: The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion. This makes it possible for...
NetApp SnapCenter Security Vulnerability
NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, authenticate, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter versions 4.8 through 4.9 that originates from allowing authenticated...
Zope Security Vulnerability
Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope community. A security vulnerability exists in Zope that stems from a stored cross-site scripting vulnerability XSS vulnerability in SVG images. The vulnerability can be exploited to...
Intel SUR 代码问题漏洞
Intel SUR is a Software Asset Manager software from Intel Corporation USA. A security vulnerability exists in IntelR SUR version 2.4.8902, which stems from an improper condition check in the software that could allow a privileged user to covertly enable denial of service via network access...
PT-2022-6908 · Atlassian · Crucible +1
Name of the Vulnerable Software and Affected Versions: Fisheye and Crucible versions prior to 4.8.9 Description: The issue is related to insufficient protection of service data in Fisheye and Crucible, allowing a remote attacker to gain unauthorized access to protected information. The...
Atlassian Fisheye和Crucible 安全漏洞
Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. A security vulnerability exists in Atlassian Fishey and Crucible versions prior to 4.8.9, which can be exploited by an attacker to inject arbitrary HTML and/or JavaScript...
DEBIAN-CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch...