CVE-2024-52401 WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4...

CVE-2024-52401

CVE-2024-52401 affects Hacklog DownloadManager plugin (WordPress). A CSRF to Arbitrary File Upload vulnerability exists in versions 2.1.4 and earlier. The CVE entry notes a high-impact flaw (CVSS v3.1: 9.6, network vector, no privileges, user interaction required, changed scope, complete confiden...

CVE-2024-52401 WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through = 2.1.4...

WordPress plugin Hacklog DownloadManager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site reques...

PT-2024-35240 · Hacklog · Hacklog Downloadmanager

Name of the Vulnerable Software and Affected Versions: Hacklog DownloadManager versions 2.1.4 and earlier Description: A Cross-Site Request Forgery CSRF issue in Hacklog DownloadManager allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized...

WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Hacklog DownloadManager versions = 2.1.4...

WordPress Hacklog DownloadManager Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Hacklog DownloadManager Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-52401 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID ba0d306fec3c Credits Joshua Chan...

Hacklog Down As PDF <= 2.3.6 - Reflected Cross-Site Scripting

Description The Hacklog Down As PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-31090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 荒野无灯 Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6...

CVE-2024-31090 WordPress Hacklog Down As PDF plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 荒野无灯 Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6...

CVE-2024-31090 WordPress Hacklog Down As PDF plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 荒野无灯 Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6...

PT-2024-23758 · Unknown · Hacklog Down As Pdf

Name of the Vulnerable Software and Affected Versions: Hacklog Down As PDF versions 2.3.6 and earlier Description: The issue affects the Hacklog Down As PDF software, allowing for Reflected XSS due to improper neutralization of input during web page generation. Recommendations: For versions 2.3.6...

WordPress Plugin Hacklog Down As PDF 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Hacklog Down As PDF A...

WordPress Hacklog Down As PDF plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Hacklog Down As PDF versions = 2.3.6...

WordPress Hacklog Down As PDF Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Hacklog Down As PDF Type Plugin Vulnerable versions = 2.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 688ae2dee281 Credits Dimas Maulana Required privile...