14 matches found
EUVD-2024-36709
Malicious code in bioql PyPI...
CVE-2024-37497
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore jet-theme-core. This issue affects JetThemeCore: from n/a through 2.2.1...
CVE-2024-37497
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore jet-theme-core. This issue affects JetThemeCore: from n/a through 2.2.1...
CVE-2024-37497
CVE-2024-37497 affects Crocoblock JetThemeCore (WordPress plugin for Elementor). The connected data shows a vulnerability in JetThemeCore up to version 2.2.0 (before 2.2.1) that enables an authenticated user to delete arbitrary files, arising from improper path handling. CVSS v3.1 metrics indicat...
CVE-2024-37497 WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore jet-theme-core. This issue affects JetThemeCore: from n/a through 2.2.1...
CVE-2024-37497 WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1...
WordPress plugin JetThemeCore path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2024-27603 · Crocoblock · Crocoblock Jetthemecore
Name of the Vulnerable Software and Affected Versions: Crocoblock JetThemeCore versions prior to 2.2.1. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows File Manipulation...
WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability
Subscriber+ Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin JetThemeCore versions 2.2.1...
WordPress JetThemeCore Plugin < 2.2.1 is vulnerable to Arbitrary File Deletion
Software: JetThemeCore; Type: Plugin; Vulnerable versions: 2.2.1; Fixed in: 2.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-37497; Patch priority: High; CVSS severity: High 7.7; Developer: Crocoblock; PSID: 285d7262cac1; Credits: Dave Jong Patchstack; Required...
VulnCheck KEV: CVE-2024-37497
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1...
WordPress JetThemeCore Plugin <= 2.1.2.1 is vulnerable to Broken Access Control
Software: JetThemeCore; Type: Plugin; Vulnerable versions: = 2.1.2.1; Fixed in: 2.1.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48760; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Crocoblock; PSID: 0220d8533139; Credits: Rafie Muhammad Patchstack...
WordPress JetThemeCore Plugin <= 2.1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JetThemeCore; Type: Plugin; Vulnerable versions: = 2.1.2.1; Fixed in: 2.1.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-48762; Patch priority: Low; CVSS severity: Low 6.3; Developer: Crocoblock; PSID: 9ac34658e596; Credits: Rafie Muhammad Patchsta...
WordPress JetThemeCore Plugin <= 2.1.2.1 is vulnerable to Broken Access Control
Software: JetThemeCore; Type: Plugin; Vulnerable versions: = 2.1.2.1; Fixed in: 2.1.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48761; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Crocoblock; PSID: 81078e3aaad1; Credits: Rafie Muhammad Patchstack...