
8828 matches found

OSV
added 2024/11/30 9:15 p.m. · 1 views

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4...

CVSS 9.8 · AI score 7.3 · EPSS 0.00956
Exploits: 0 · References: 1
CNNVD
added 2024/11/28 12:0 a.m. · 2 views

WordPress plugin Pricing table addon for elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 8.3 · EPSS 0.00956
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/28 12:0 a.m. · 4 views

PT-2024-35338 · Shopready · Shopready

Name of the Vulnerable Software and Affected Versions: Shopready versions n/a through 3.5 Description: The issue affects the Shopready PHP application, allowing for PHP Local File Inclusion due to improper control of filename for include/require statement. This is related to a 'PHP Remote File...

CVSS 7.5 · AI score 9.8 · EPSS 0.01128
Exploits: 0 · References: 5
Positive Technologies
added 2024/11/28 12:0 a.m. · 2 views

PT-2024-35342 · Webbytemplate · Webbytemplate Office Locator

Name of the Vulnerable Software and Affected Versions: webbytemplate Office Locator versions 1.3.0 and earlier Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion'. This vulnerability affects the...

CVSS 7.5 · AI score 9.6 · EPSS 0.01097
Exploits: 0 · References: 5
OSV
added 2024/11/27 10:36 a.m. · 3 views

CLSA-2024-1732703448 squid34: Fix of CVE-2024-45802

CVE-2024-45802: disable ESI...

CVSS 7.5 · AI score 7.1 · EPSS 0.00918
Exploits: 0 · References: 1
RedHat Linux
added 2024/11/25 12:12 a.m. · 0 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103
Exploits: 5 · References: 5
RedHat Linux
added 2024/11/25 12:12 a.m. · 5 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103
Exploits: 5 · References: 5
NVD
added 2024/11/21 11:15 a.m. · 9 views

CVE-2024-11455

The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 · EPSS 0.00195
Exploits: 0 · References: 2
CVE
added 2024/11/21 2:6 a.m. · 43 views

CVE-2024-11455

CVE-2024-11455 – Include Mastodon Feed (WordPress) Stored XSS in the Include Mastodon Feed plugin for WordPress affects versions up to and including 1.9.5. The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes in the include-mastodon-feed sh...

CVSS 6.4 · AI score 7.4 · EPSS 0.00195
Exploits: 0 · References: 2
CNNVD
added 2024/11/21 12:0 a.m. · 2 views

WordPress plugin Include Mastodon Feed cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 · AI score 7.4 · EPSS 0.00195
Exploits: 0 · References: 3
Patchstack
added 2024/11/20 9:27 p.m. · 5 views

WordPress Include Mastodon Feed plugin <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Include Mastodon Feed versions <= 1.9.5...

CVSS 6.4 · AI score 5.7 · EPSS 0.00195
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/11/20 12:0 a.m. · 3 views

PT-2024-17006 · WordPress · Mastodon Feed

Name of the Vulnerable Software and Affected Versions: Include Mastodon Feed plugin for WordPress versions up to, and including, 1.9.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVSS 6.4 · AI score 7.9 · EPSS 0.00195
Exploits: 0 · References: 3
Patchstack
added 2024/11/20 12:0 a.m. · 10 views

WordPress Include Mastodon Feed Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS)

Software: Include Mastodon Feed; Type: Plugin; Vulnerable versions: <= 1.9.5; Fixed in: 1.9.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11455; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6b915ee78c03; Credits: Peter Thaleikis...

CVSS 6.4 · AI score 6.1 · EPSS 0.00195
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/11/18 3:15 p.m. · 1 views

CVE-2024-52428

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion. This issue affects Ads Booster by Ads Pro: from n/a through 1.12...

CVSS 9.8 · AI score 5.8 · EPSS 0.06414
Exploits: 0 · References: 1
OSV
added 2024/11/18 3:15 p.m. · 2 views

CVE-2024-52427

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include SSI Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2024/11/18 3:15 p.m. · 14 views

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11...

CVSS 9.9 · EPSS 0.12279
Exploits: 0 · References: 1
Cvelist
added 2024/11/18 2:22 p.m. · 266 views

CVE-2024-52427 WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11...

CVSS 9.9 · EPSS 0.12279
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/18 12:0 a.m. · 2 views

PT-2024-35267 · Unknown · Event Tickets With Ticket Scanner

Name of the Vulnerable Software and Affected Versions: Event Tickets with Ticket Scanner versions 2.3.11 and earlier Description: The issue affects Event Tickets with Ticket Scanner, allowing Server Side Include SSI Injection due to improper neutralization of special elements used in a template...

CVSS 9.9 · AI score 9.7 · EPSS 0.12279
Exploits: 0 · References: 6
OSV
added 2024/10/28 8:15 p.m. · 1 views

CVE-2024-50457

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.6.3...

CVSS 8.8 · AI score 5.8 · EPSS 0.0384
Exploits: 0 · References: 1
OSV
added 2024/10/28 8:15 p.m. · 3 views

CVE-2024-50436

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Theme Horse Clean Retina. This issue affects Clean Retina: from n/a through 3.0.6...

CVSS 8.8 · AI score 5.8 · EPSS 0.02261
Exploits: 0 · References: 1