24 matches found
EUVD-2022-0935
Malicious code in bioql PyPI...
CVE-2025-9219
The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatepostsmtpprooptioncallback'...
CVE-2023-5538
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
CVE-2024-11372
The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2024-11373
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-11373 Connexion Logs <= 3.0.2 - Log Deletion via CSRF
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-11372 Connexion Logs <= 3.0.2 - Admin+ SQL Injection
The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
WordPress plugin Connexion Logs security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2025-0916
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)
Exploit Title: Craft CMS Logs Plugin 3.0.3 - Path Traversal Authenticated Date: 2022.01.26 Exploit Author: Steffen Rogge Vendor Homepage: https://github.com/ethercreative/logs Software Link: https://plugins.craftcms.com/logs Version: =3.0.4 impact: Medium found: 2021-07-06 SEC Consult Vulnerabili...
GHSA-9CHX-2VQW-8VQ5 Duplicate Advisory: Path Traversal in the Logs plugin for Craft CMS
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fp63-499m-hq6m. This link is maintained to preserve external references. Original Description The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream ...
Duplicate Advisory: Path Traversal in the Logs plugin for Craft CMS
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fp63-499m-hq6m. This link is maintained to preserve external references. Original Description The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream ...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
Design/Logic Flaw
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
CVE-2022-23409
CVE-2022-23409 concerns the Craft CMS Logs plugin (Ethercreative Logs) prior to version 3.0.4. Root cause: path traversal through input to actionStream in Controller.php, enabling remote attackers to read arbitrary files. Affected: Logs plugin for Craft CMS, versions before 3.0.4. Impact: unautho...
Pixel&tonic Craft CMS path traversal vulnerability
Pixel & tonic Craft CMS is a content management system (CMS) from Pixel & Tonic. A path traversal vulnerability exists in Pixel & tonic Craft CMS, which stems from a path traversal security issue in the Ethercreative Logs plugin for Craft CMS...