7 matches found
PT-2026-29663
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+\.\d+\.\d+\.\d+$/. This only...
CVE-2022-2913 Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen...
Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. Set HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or any other header in LoginNoCaptcha::get_ip_address which is then checked against the whitelist and...
CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...
LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if a setting is enabled, which will then ...
LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if a setting is enabled, which will then ...
WordPress LiteSpeed Cache plugin <= 4.4.3 - IP Check Bypass to Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
IP Check Bypass to Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Emil Kylander in WordPress LiteSpeed Cache plugin versions <= 4.4.3. Solution: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 4.4.4)...