559 matches found

NVD · added 2024/01/11 7:15 a.m. · 14 views

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 4.3 · EPSS 0.00347
Exploits 0 · References 2

Prion · added 2024/01/11 7:15 a.m. · 15 views

Design/Logic Flaw

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

CVSS 4 · AI score 7.1 · EPSS 0.0047
Exploits 0 · References 3 · Affected software 1

CNNVD · added 2024/01/11 12:00 a.m. · 3 views

WordPress Plugin SpeedyCache Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that runs personal blog sites on PHP and MySQL servers; a WordPress plugin is an application plugin for it. A security vulnerability exists in the...

CVSS 4.3 · AI score 6.6 · EPSS 0.00358
Exploits 0 · References 3

Positive Technologies · added 2024/01/11 12:00 a.m. · 8 views

PT-2024-15037 · WordPress · The Greenshift

Name of the vulnerable software and affected versions: The Greenshift – animation and page builder blocks plugin for WordPress, versions up to and including 7.6.2. Description: The issue is related to arbitrary file uploads due to missing file type validation on the gspb save files function. This...

CVSS 7.2 · AI score 7.9 · EPSS 0.01274
Exploits 0 · References 7

Veracode · added 2024/01/09 7:22 a.m. · 28 views

HTTP Request Smuggling

puma is vulnerable to HTTP Request Smuggling. The vulnerability is caused by missing validation while parsing chunked transfer-encoding bodies, resulting in request smuggling and an unbounded resource consumption DoS...

CVSS 7.5 · AI score 6.8 · EPSS 0.00958
Exploits 0 · References 4 · Affected software 1
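
The puma entry above turns on what "missing validation while parsing chunked bodies" means in practice. The following is an added example in Python, not puma's parser: a strict chunked decoder that rejects the inputs a lenient one silently accepts (signed, prefixed or whitespace-padded chunk sizes, chunk data not terminated by CRLF, bytes left over after the last-chunk, which is exactly where a smuggled second request would sit, and chunks or bodies over a size cap). The size limits are assumed values.

```python
# Strict decoder for HTTP/1.1 chunked transfer encoding (added example, not
# puma's code). Every deviation from the RFC 9112 grammar is an error rather
# than something to "recover" from, because recovery is what desynchronises
# the front-end and back-end views of the byte stream.
import re

MAX_CHUNK_SIZE = 1 << 20      # assumed per-chunk cap, 1 MiB
MAX_BODY_SIZE = 8 << 20       # assumed decoded-body cap, 8 MiB
MAX_SIZE_LINE = 256           # longest chunk-size line (with extensions) accepted

# chunk-size = 1*HEXDIG, optionally followed by ";" chunk-ext. The digit count
# is capped so the parsed size can never overflow a 64-bit length.
_CHUNK_SIZE_RE = re.compile(rb"^([0-9A-Fa-f]{1,16})(;[!-~ \t]*)?$")
# trailer-field = token ":" OWS field-value (printable ASCII and tab)
_TRAILER_RE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[ -~\t]*$")


class ChunkedError(ValueError):
    """Any grammar violation. Callers must close the connection: the stream
    is no longer synchronised, so continuing is what enables smuggling."""


def decode_chunked(body: bytes) -> bytes:
    """Return the decoded payload of a complete chunked body, or raise."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0 or eol - pos > MAX_SIZE_LINE:
            raise ChunkedError("missing or overlong chunk-size line")
        m = _CHUNK_SIZE_RE.match(body[pos:eol])
        if not m:   # rejects "-1", "0x5", " 5", "5 ", "+5", non-hex digits
            raise ChunkedError("invalid chunk-size line: %r" % body[pos:eol])
        size = int(m.group(1), 16)
        if size > MAX_CHUNK_SIZE:
            raise ChunkedError("chunk size %d exceeds limit" % size)
        pos = eol + 2
        if size == 0:
            # last-chunk: optional trailer fields, then exactly one empty line
            while True:
                eol = body.find(b"\r\n", pos)
                if eol < 0:
                    raise ChunkedError("unterminated trailer section")
                line = body[pos:eol]
                pos = eol + 2
                if not line:
                    break
                if not _TRAILER_RE.match(line):
                    raise ChunkedError("invalid trailer line: %r" % line)
            if pos != len(body):
                # anything after the terminator is a second, smuggled message
                raise ChunkedError("%d trailing bytes after last-chunk" % (len(body) - pos))
            return bytes(out)
        end = pos + size
        if body[end:end + 2] != b"\r\n":
            # also catches truncated bodies: the slice is simply too short
            raise ChunkedError("chunk data not terminated by CRLF")
        out += body[pos:end]
        if len(out) > MAX_BODY_SIZE:
            raise ChunkedError("decoded body exceeds limit")
        pos = end + 2


def is_well_formed(body: bytes) -> bool:
    """True if the body decodes under the strict grammar."""
    try:
        decode_chunked(body)
        return True
    except ChunkedError:
        return False
```

The decoder works on a complete buffer for clarity; a streaming server applies the same checks per chunk, but the two properties that matter for smuggling are unchanged: the size token must match the hex grammar exactly, and nothing may follow the last-chunk terminator.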

Veracode · added 2024/01/04 9:51 a.m. · 24 views

Prototype Pollution

plotly.js is vulnerable to prototype pollution. The vulnerability is caused by missing validation against the __proto__ attribute and other internal getters and setters. An attacker can pollute the prototype with properties containing harmful values, which are subsequently used by the application...

CVSS 9.8 · AI score 6.8 · EPSS 0.00944
Exploits 0 · References 5 · Affected software 1

WPVulnDB · added 2024/01/03 12:00 a.m. · 29 views

Frontend Admin by DynamiApps Plugin < 3.18.4 - Unauthenticated Arbitrary File Upload

Description: The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxaddattachment' function, allowing unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible...

CVSS 10 · AI score 9.9 · EPSS 0.00617
Exploits 0 · References 1 · Affected software 1

Positive Technologies · added 2023/12/13 12:00 a.m. · 5 views

PT-2023-32751 · Repbox · Repbox

Name of the vulnerable software and affected versions: Repbox, affected versions not specified. Description: An unrestricted file upload vulnerability has been identified, allowing an attacker to upload malicious files via the transforamationfileupload function due to the lack of proper file type...

CVSS 10 · AI score 9.3 · EPSS 0.0078
Exploits 0 · References 6

OSV · added 2023/12/04 10:15 p.m. · 5 views

CVE-2023-5953

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, and also lacks authorisation and CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, to the server...

CVSS 8.8 · AI score 7.4 · EPSS 0.00479
Exploits 2 · References 1

Veracode · added 2023/11/28 8:09 a.m. · 17 views

Open Redirect

mattermost is vulnerable to Open Redirect. The vulnerability is caused by missing validation of the redirect URL parameter: the application fails to validate the custom URL scheme in /oauth/service/mobilelogin?redirectto= once a user clicks "Back to mattermost". The attacker can bypass protection...

CVSS 6.1 · AI score 7.2 · EPSS 0.00403
Exploits 0 · References 3 · Affected software 1
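
The mattermost entry above is the usual open-redirect shape: a post-login "return to" parameter that is checked for some cases but not for a custom scheme. As an added example (Python, not Mattermost's code), the validator below accepts only a local absolute path or an http(s) URL whose host is on an allowlist, and rejects the bypass forms that usually survive a naive "starts with /" check. The allowed hostnames and the default landing path are assumptions for the example.

```python
# Redirect-target validation (added example, not Mattermost's code).
from urllib.parse import urlsplit

MAX_TARGET_LEN = 2048   # assumed; long targets are never legitimate here


def is_safe_redirect(target: str, allowed_hosts=()) -> bool:
    """True only if `target` keeps the user on this site.

    Accepted: an absolute path ("/channels/town-square") or an http(s) URL
    whose host is in allowed_hosts. Rejected: any other scheme (custom app
    schemes such as mmauth://, javascript:, data:), scheme-relative URLs
    ("//evil.example"), backslash variants that browsers normalise to
    "//", userinfo tricks ("https://good@evil.example"), and control
    characters that could split the Location header."""
    if not target or len(target) > MAX_TARGET_LEN:
        return False
    # Control characters, spaces and backslashes are never part of a sane
    # target; browsers turn "/\evil.example" into "//evil.example".
    if any(ord(c) < 0x21 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: only http(s), only to a host we explicitly allow.
        # parts.hostname already strips userinfo and port and lowercases.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        host = parts.hostname or ""
        return host in {h.lower() for h in allowed_hosts}
    if parts.netloc:
        return False            # scheme-relative "//evil.example/..."
    # Relative target: must be an absolute path with exactly one leading "/".
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(target: str, allowed_hosts=(), default: str = "/") -> str:
    """Return `target` if it is safe, otherwise the site-local default."""
    return target if is_safe_redirect(target, allowed_hosts) else default
```

Two design points. The scheme check is an allowlist, not a denylist: the mattermost description is about a custom scheme slipping through, and a denylist of known-bad schemes would miss it. And the relative-path branch checks the raw string rather than urlsplit's path, because urlsplit does not treat backslashes as separators but browsers do.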

Cvelist · added 2023/11/28 4:31 a.m. · 23 views

CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVSS 4.3 · AI score 5 · EPSS 0.00529
Exploits 1 · References 3
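
The LearnPress, WP 2FA and Shortcodes Ultimate entries above all describe the same defect: a key taken from the request (userID, a user id for the backup-codes mail, a meta key and post id) is used to fetch data without being tied to the authenticated caller. The following is an added example in Python, not the code of any of those plugins; the in-memory store, the capability names (modelled on WordPress capabilities) and the meta-key allowlist are constructed for illustration. course_tab_* contrasts a handler that trusts the supplied userID with one that binds it to the caller; sumeta_fixed shows the two independent checks needed when both the meta key and the post id are attacker-controlled.

```python
# Object-level authorization for user-controlled keys (added example).
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    caps: set = field(default_factory=set)   # e.g. {"list_users"} for admins


# Constructed sample state standing in for the WordPress user/post tables.
PROFILES = {
    1: {"courses": ["intro-to-appsec"], "email": "alice@example.test"},
    2: {"courses": ["advanced-crypto"], "email": "bob@example.test"},
}
POSTS = {
    10: {"author": 1, "status": "publish",
         "meta": {"subtitle": "Hello", "_wc_order_key": "wc_order_secret"}},
    11: {"author": 2, "status": "private",
         "meta": {"subtitle": "Draft", "api_token": "tok_secret"}},
}
PUBLIC_META_KEYS = {"subtitle", "reading_time"}   # assumed allowlist


def course_tab_vulnerable(current: User, user_id) -> dict:
    """The flaw as described: the userID from the request is used as-is.
    Any authenticated caller can read any profile by changing the number."""
    return PROFILES[int(user_id)]


def course_tab_fixed(current: User, user_id) -> dict:
    """A caller may read their own profile; anyone else's needs a capability.
    The key is parsed strictly and compared with the authenticated identity,
    not merely checked for existence."""
    try:
        uid = int(str(user_id), 10)
    except ValueError:
        raise PermissionError("userID must be an integer")
    if uid <= 0 or (uid != current.id and "list_users" not in current.caps):
        raise PermissionError("not allowed to view user %d" % uid)
    if uid not in PROFILES:
        raise KeyError(uid)
    return PROFILES[uid]


def sumeta_fixed(current: User, key: str, postid) -> str:
    """Post-meta lookup where both parameters are attacker-controlled.
    Check 1: the meta key must be on an explicit allowlist, so protected
    "_"-prefixed keys and stored secrets are never exposed, whatever the
    post. Check 2: the caller must be allowed to read the post itself."""
    if key not in PUBLIC_META_KEYS:
        raise PermissionError("meta key not exposed: %s" % key)
    pid = int(str(postid), 10)
    post = POSTS.get(pid)
    if post is None:
        raise KeyError(pid)
    readable = (post["status"] == "publish"
                or post["author"] == current.id
                or "read_private_posts" in current.caps)
    if not readable:
        raise PermissionError("cannot read post %d" % pid)
    return post["meta"].get(key, "")


def can_read(fn, *args) -> bool:
    """True if the call is permitted (used to compare the two handlers)."""
    try:
        fn(*args)
        return True
    except (PermissionError, KeyError, ValueError):
        return False
```

The point of the allowlist in sumeta_fixed is that "the post is public" is not enough: public posts routinely carry private meta (order keys, tokens), so the key dimension must be authorised separately from the object dimension.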

Code423n4 · added 2023/11/17 12:00 a.m. · 4 views

There is a missing check for _metadataURI in createNewShare

Lines of code · Vulnerability details · Impact: Detailed description of the impact of this finding. Proof of Concept: function createNewShare string memory shareName, address bondingCurve, string memory metadataURI external onlyShareCreator returns uint256 id requirewhitelistedBondingCurvesbondingCurve...

AI score 7.2
Exploits 0

Veracode · added 2023/11/09 1:01 p.m. · 23 views

Improper Certificate Validation

io.undertow:undertow-core is vulnerable to Improper Certificate Validation. The vulnerability is due to missing certificate validation in the Http2ClientProvider class, which does not check whether the identity presented in the server certificate matches the endpoint of the HTTPS connection. If the ENDPOINTIDENTIFICATIONALGORITHM is n...

CVSS 7.5 · AI score 6.9 · EPSS 0.00596
Exploits 0 · References 7 · Affected software 1
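
The undertow entry above is about endpoint identification specifically: validating the chain proves that some CA issued the certificate, but only the hostname check proves it was issued for the server being dialled. As an added example (Python, not Undertow's code), the block below shows the client-context setting that reproduces the weakness next to the correct one, and implements the dNSName matching rule itself on constructed SAN lists so the check is visible rather than buried in the TLS library. Nothing here opens a network connection.

```python
# Endpoint identification (added example, not Undertow's code).
import ssl


def client_context_insecure() -> ssl.SSLContext:
    """Chain verified, identity not: any certificate the trust store accepts
    is accepted for any host. This is what a missing endpoint-identification
    algorithm amounts to. Shown only as the pattern to avoid."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def client_context_secure() -> ssl.SSLContext:
    """Library defaults: CERT_REQUIRED plus hostname verification."""
    return ssl.create_default_context()


def verifies_server_identity(ctx: ssl.SSLContext) -> bool:
    """Both halves are required; either one alone is not identity."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def hostname_matches(hostname: str, san_dns_names) -> bool:
    """dNSName matching in the style of RFC 6125: case-insensitive, label by
    label; a single "*" may stand for the left-most label only, matches
    exactly one label, never appears as a partial label ("f*"), and never
    covers a bare registrable domain ("*.com")."""
    host = hostname.rstrip(".").lower().split(".")
    for name in san_dns_names:
        labels = name.rstrip(".").lower().split(".")
        if len(labels) != len(host) or "" in labels:
            continue                      # different depth, or malformed name
        if any("*" in lab for lab in labels[1:]):
            continue                      # wildcard only in the left-most label
        first = labels[0]
        if "*" in first and (first != "*" or len(labels) < 3):
            continue                      # no partial wildcards, no "*.tld"
        if all(p == "*" or p == h for p, h in zip(labels, host)):
            return True
    return False
```

The matching function deliberately has no fallback to the certificate's Subject CN: modern verifiers ignore the CN when a SAN extension is present, and a verifier that consults it can be satisfied by a certificate whose SAN list names only the attacker's own domain.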

OSV · added 2023/11/02 12:15 p.m. · 1 view

CVE-2023-5860

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...

CVSS 7.2 · AI score 6.4
Exploits 0 · References 2

Veracode · added 2023/11/01 8:58 a.m. · 18 views

Information Disclosure

matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check on the userid parameter used to query cached device information for remote users. This can lead to enumeration of the remote users known to a homeserver...

CVSS 5.3 · AI score 6.8 · EPSS 0.00897
Exploits 0 · References 5 · Affected software 3

OSV · added 2023/10/20 7:15 a.m. · 2 views

CVE-2020-36706

The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary fil...

CVSS 9.8 · AI score 6.4 · EPSS 0.01818
Exploits 1 · References 4

Veracode · added 2023/10/10 4:44 a.m. · 16 views

Integer Overflow

libtommath.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to missing validation checks, which may allow an attacker to cause an application crash or code execution...

CVSS 9.8 · AI score 7 · EPSS 0.01254
Exploits 0 · References 7 · Affected software 1

OSV · added 2023/09/25 4:15 p.m. · 2 views

CVE-2023-4238

The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...

CVSS 7.2 · AI score 7.4 · EPSS 0.01297
Exploits 2 · References 1
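
Seven entries in this listing (Greenshift, Frontend Admin, Repbox, Welcart, Icons Font Loader, Simple:Press and the Prevent files / folders access plugin above) are the same bug: an upload handler that stores whatever filename and bytes it is given, so a PHP file lands under the web root. The block below is an added example in Python, not any of those plugins' code, of the validation they lack; the extension allowlist, the signature table, the executable-extension list and the size cap are constructed for the example and would be taken from the hosting platform's own lists in practice.

```python
# Upload validation (added example, not the code of any plugin listed above).
import os
import re

# Extensions we store, each with the file signature the content must carry.
ALLOWED = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
# Extensions that must not appear anywhere in a stored name: a server with
# mod_mime-style multiple-extension handling can execute "shell.php.png".
EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar",
              "phps", "pht", "htaccess", "cgi", "pl", "py", "sh", "jsp", "asp", "aspx"}
MAX_UPLOAD = 5 * 1024 * 1024   # assumed cap
# One leading alphanumeric, then a conservative character set; this also
# refuses dotfiles such as ".htaccess" and names with spaces or separators.
_SAFE_BASENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,100}$")


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, content: bytes) -> str:
    """Return the sanitised name to store under, or raise UploadRejected.

    Order matters: reject cheap structural problems first, then look at
    the bytes. The name is never trusted for directory placement; only its
    basename survives, so traversal components are simply discarded."""
    if not content or len(content) > MAX_UPLOAD:
        raise UploadRejected("empty or oversized file")
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")   # "shell.php\0.png"
    name = os.path.basename(filename.replace("\\", "/"))
    if not _SAFE_BASENAME.match(name):
        raise UploadRejected("unsafe filename: %r" % name)
    parts = name.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("missing extension")
    ext = parts[-1]
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed: %s" % ext)
    if any(p in EXECUTABLE for p in parts[1:-1]):
        raise UploadRejected("executable inner extension in %r" % name)
    # The declared type must be backed by the bytes: a PHP script renamed
    # to .png fails here.
    if not any(content.startswith(sig) for sig in ALLOWED[ext]):
        raise UploadRejected("content does not match declared type")
    # Heuristic (assumed policy): a valid image that also carries a PHP open
    # tag is a polyglot prepared for a later include or misconfiguration.
    if b"<?php" in content:
        raise UploadRejected("embedded PHP in file body")
    return name


def is_acceptable(filename: str, content: bytes) -> bool:
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False
```

Two things this does on purpose: the extension check looks at every component of the name, not just the last one, and the signature check is an allowlist keyed by the declared extension rather than a generic "is this an image" sniff, so a file cannot pass by matching any signature at all. Storing uploads outside the web root, or behind a handler that never executes them, remains the control that makes the residual risk acceptable.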

CNNVD · added 2023/08/31 12:00 a.m. · 4 views

WordPress plugin WooCommerce PDF Invoice Builder Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that runs personal blog sites on PHP and MySQL servers; a WordPress plugin is an application plugin for it. WordPress plugin WooCommerce PDF...

CVSS 4.3 · AI score 6.2 · EPSS 0.00245
Exploits 0 · References 4

Code423n4 · added 2023/08/10 12:00 a.m. · 5 views

Missing validation to ensure that the _l2CoreGovTimelock parameter is not the zero address in the initialize function

Lines of code · Vulnerability details · Impact: The initialize function accepts a parameter l2CoreGovTimelock and does check if it's a contract address using Address.isContract. However, there's no explicit check to ensure that l2CoreGovTimelock is not the zero address...

AI score 6.8
Exploits 0