CVE-2024-7094

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...

CVE-2024-10002

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'roveridxrefreshsocialcallback' function. This makes it possible for authenticated attackers, with...

CVE-2024-7781

CVE-2024-7781 concerns Jupiter X Core for WordPress. The records show an authentication bypass in all versions up to and including 4.7.5, enabling unauthenticated attackers to log in as the first user who logged in via a social media account (potentially an admin). The vulnerability can be exploi...

CVE-2024-6000 FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'displayticketthemespage' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...

CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘portopageheadershortcodetype’, ‘slideshowtype’ and ‘postlayout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

Microsoft Windows XP - win32k.sys Local Kernel Denial of Service

Microsoft Windows XP - win32k.sys Local Kernel Denial of Service //////////////////////////////////////////////////////////////////////////// // // Title: Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability // Author: Lufeng Li of Neusoft Corporation // Vendor: www.microsoft.com //...

Microsoft Windows XP Win32k.sys Denial Of Service

//////////////////////////////////////////////////////////////////////////// // // Title: Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability // Author: Lufeng Li of Neusoft Corporation // Vendor: www.microsoft.com // Vulnerable: Windows xp sp3full patch //...

Microsoft Windows XP - &#039;win32k.sys&#039; Local Kernel Denial of Service

//////////////////////////////////////////////////////////////////////////// // // Title: Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability // Author: Lufeng Li of Neusoft Corporation // Vendor: www.microsoft.com // Vulnerable: Windows xp sp3full patch //...

[x0n3-h4ck]Drake CMS v 0.2 XSS exploit

-=--------------------ADVISORY-------------------=- Drake CMS V. 0.2 Author: CorryL x0n3-h4ck.org -=-----------------------------------------------=- -=+ Application: Drake CMS -=+ Version: 0.2 -=+ Vendor's URL: https://sourceforge.net/projects/drakecms/ -=+ Platform: WindowsLinuxUnix -=+ Bug typ...

drakeCMS.txt

-=--------------------ADVISORY-------------------=- Drake CMS V. 0.2 Author: CorryL x0n3-h4ck.org -=----------------------------------------------------=- -=+ Application: Drake CMS -=+ Version: 0.2 -=+ Vendor's URL: https://sourceforge.net/projects/drakecms/ -=+ Platform: Windows\Linux\Unix -=+...

[Full-disclosure] [x0n3-h4ck.org] Bug on Drake CMS v0.2

-=--------------------ADVISORY-------------------=- Drake CMS V. 0.2 Author: CorryL x0n3-h4ck.org -=----------------------------------------------------=- -=+ Application: Drake CMS -=+ Version: 0.2 -=+ Vendor's URL: https://sourceforge.net/projects/drakecms/ -=+ Platform: WindowsLinuxUnix -=+ Bu...