8834 matches found
WordPress plugin WPMozo Addons Lite for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2025-4476 · Service Shogun · Ach Invoice App
Name of the Vulnerable Software and Affected Versions: Ach Invoice App versions 1.0.1 and earlier Description: The issue is related to improper control of filenames for Include/Require statements in PHP, allowing PHP Local File Inclusion. This problem affects the Service Shogun Ach Invoice App,...
PT-2024-36766 · Woocommerce · Dynamic Product Category Grid
Name of the Vulnerable Software and Affected Versions: Dynamic Product Category Grid, Slider for WooCommerce versions 1.1.3 and earlier Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, allowing PHP Local File Inclusion. This problem c...
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, MATRIX Series, arises from improper handling of file names for PHP functions like include or require. This allows attackers to gain access to confidential information.
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to incorrect management of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker to gain acce...
PT-2024-9184 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02; NEXUS Series version 3.08.02; MATRIX Series version 3.08.02 Description: The issue is related to Local File Inclusion vulnerabilities, which allow access to sensitive system information. This is due to...
ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...
CVE-2024-53739
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4...
WordPress plugin Pricing table addon for elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-35342 · Webbytemplate · Webbytemplate Office Locator
Name of the Vulnerable Software and Affected Versions: webbytemplate Office Locator versions 1.3.0 and earlier Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion'. This vulnerability affects the...
PT-2024-35338 · Shopready · Shopready
Name of the Vulnerable Software and Affected Versions: Shopready versions n/a through 3.5 Description: The issue affects the Shopready PHP application, allowing for PHP Local File Inclusion due to improper control of filename for include/require statement. This is related to a 'PHP Remote File...
CLSA-2024-1732703448 squid34: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
CXF: SSRF Vulnerability
An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...
CVE-2024-11455
The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-11455
CVE-2024-11455 – Include Mastodon Feed (WordPress) Stored XSS in the Include Mastodon Feed plugin for WordPress affects versions up to and including 1.9.5. The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes in the include-mastodon-feed sh...
WordPress plugin Include Mastodon Feed cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Include Mastodon Feed plugin <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Include Mastodon Feed versions <= 1.9.5...
WordPress Include Mastodon Feed Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS)
Software: Include Mastodon Feed; Type: Plugin; Vulnerable versions: <= 1.9.5; Fixed in: 1.9.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11455; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6b915ee78c03; Credits: Peter Thaleikis...
PT-2024-17006 · WordPress · Mastodon Feed
Name of the Vulnerable Software and Affected Versions: Include Mastodon Feed plugin for WordPress versions up to, and including, 1.9.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2024-52428
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion. This issue affects Ads Booster by Ads Pro: from n/a through 1.12...