12 matches found
EUVD-2024-50145
Malicious code in bioql PyPI...
EUVD-2024-50106
Malicious code in bioql PyPI...
EUVD-2024-50105
Malicious code in bioql PyPI...
CVE-2024-9778
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...
CVE-2024-9824
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...
CVE-2024-9776
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress ImagePress plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update vulnerability discovered by Michelle Porter in WordPress Plugin ImagePress versions <= 1.2.2...
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: ImagePress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9824; Patch priority: Low; CVSS severity: Low (4.3); PSID: 664cdc394386; Credits: Michelle Porter; Required privilege...
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImagePress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-9778; Patch priority: Low; CVSS severity: Low (4.3); PSID: 64726d176639; Credits: Michelle Porter; Required...
CVE-2024-9778
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...
CVE-2024-9824
The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...
PT-2024-39836 · WordPress · Imagepress
Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...