CVE-2019-6792
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information...
Path traversal
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information...
CVE-2019-6792
Removed by vendor...
WordPress LifterLMS plugin <= 3.34.5 - Unauthenticated Options Import vulnerability
Unauthenticated Options Import vulnerability found by Jerome Bruandet (NinTechNet) in WordPress LifterLMS plugin versions <= 3.34.5. Solution: Update the WordPress LifterLMS plugin to the latest available version (at least 3.35.1)...
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Unauthenticated Options Import, which could lead to: website redirection, administrator account creation, content injection, stored XSS. The issues have been reported as fixed in 3.35.0. However, v3.35.1 added additional input sanitisation and filtering...
WordPress LoginPress Plugin Authorization Issue Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. LoginPress is a login page customization plugin used in it. An authorization issue vulnerability exists in the WordPress LoginPress...
CVE-2019-15872
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...
SQL injection
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...
CVE-2019-15819
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication...
CVE-2019-15821
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data...
Design/Logic Flaw
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data...
CVE-2019-9697
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...