12 matches found
EUVD-2021-34210
Malicious code in bioql PyPI...
EUVD-2021-34198
Malicious code in bioql PyPI...
CVE-2021-4383
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to...
CVE-2021-4371
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...
Design/Logic Flaw
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to...
Code injection
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...
CVE-2021-4383 WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to...
CVE-2021-4383
CVE-2021-4383 affects the WP Quick FrontEnd Editor plugin for WordPress. Technical details in the connected documents show a vulnerability in page-editing due to missing capability checks, making it possible for low-authenticated users (e.g., subscribers) to edit or create any page or post on sit...
CVE-2021-4371 WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...
CVE-2021-4371 WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...
CVE-2021-43939 Elcomplus SmartPtt Improper Authorization
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints...
WordPress Theme Uncode 1.3.1 - Arbitrary File Upload
Vendor Homepage: Software Link: http://themeforest.net/item/uncode-creative-multiuse-wordpress-theme/13373220 Version: 1.3.0 possible 1.3.1 Tested on: Debian 8, PHP 5.6.17-3 Type: RCE, Arbirary file UPLOAD, Low Authenticated Time line: Found 24-APR-2016, Vendor notified 24-APR-2016, Vendor fixed:...