254 matches found
Drupal Monster Menus module < 9.3.2 - Unauthenticated Multiple Vulnerabilities
Unauthenticated Multiple Vulnerabilities discovered by Dan Wilga in WordPress Module Monster Menus versions 9.3.2...
WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Travel Monster versions = 1.1.2...
WordPress Travel Monster Theme <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Travel Monster Type Theme Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37272 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9e2e19bbb7fc Credits Dhabaleshwar Das...
CVE-2024-5059 WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0...
WordPress Event Monster Plugin <= 1.4.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Event Management Tickets Booking versions = 1.4.3...
WordPress Event Monster plugin <= 1.3.4 - Authenticated PHP Object Injection via Custom Meta vulnerability
Authenticated PHP Object Injection via Custom Meta vulnerability discovered by Francesco Carlucci in WordPress Plugin Event Management Tickets Booking versions = 1.3.4...
CVE-2024-1895
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...
CVE-2024-1895
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...
CVE-2024-1895
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...
CVE-2024-1895
CVE-2024-1895 affects the WordPress plugin Event Monster – Event Management, Tickets Booking, Upcoming Event . The vulnerability is a PHP Object Injection via deserialization in all versions up to and including 1.3.9, triggered by deserializing untrusted input from a shortcode of a custom meta va...
CVE-2024-1895 Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...
WordPress plugin Event Monster 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
Event Monster <= 1.3.8 - Contributor+ PHP Object Injection via Custom Meta
Description The plugin is vulnerable to PHP Object Injection via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable...
PT-2024-14484 · Monster Insights · Google Analytics
Name of the Vulnerable Software and Affected Versions: Google Analytics by Monster Insights versions 8.21.0 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects the MonsterInsights Google Analytics plugin by Monster Insights...
monster-bite.com Cross Site Scripting vulnerability OBB-3888346
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
monster-bite.com Cross Site Scripting vulnerability OBB-3885779
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
monster-bite.com Cross Site Scripting vulnerability OBB-3878292
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-50026
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" hsmultiaccessoriespro module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts...
CVE-2023-50026
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" hsmultiaccessoriespro module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts...
CVE-2023-50026
CVE-2023-50026 is a SQL injection vulnerability affecting the PrestaMonster/PrestaShop integration in the hsmultiaccessoriespro module. The issue is triggered through HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts() and impacts PrestaShop versions 5.1.1 and earlier. According to th...