WordPress Platform theme < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability discovered by Marc-Alexandre Montpas in WordPress Theme Platform versions < 1.4.4...
WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control
Software: Jetpack; Type: Plugin; Vulnerable versions: < 13.9.1; Fixed in: 13.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9926; Patch priority: Low; CVSS severity: Low (4.3); PSID: 675e1d99d774; Credits: Marc Montpas; Required privilege...
WordPress WP Go Maps Plugin < 9.0.28 is vulnerable to Cross Site Scripting (XSS)
Software: WP Go Maps; Type: Plugin; Vulnerable versions: < 9.0.28; Fixed in: 9.0.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6627; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: WP Go Maps; PSID: 5fe45794e92f; Credits: Marc Montpas; Required...
WordPress is vulnerable to Sensitive Data Exposure
Software: WordPress; Type: WordPress Core; Vulnerable versions: < 6.3.2; Fixed in: 6.3.2; OWASP Top 10: A3: Injection; Classification: Sensitive Data Exposure; CVE: N/A; Patch priority: Low; CVSS severity: Low (5.3); PSID: 33dadfeb4ac4; Credits: Marc-Alexandre Montpas (Automattic); Required privile...
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability via SQL Injection (SQLi) in the Media Library, discovered by Ben Bidner (WordPress security team) and Marc Montpas (Automattic) in WordPress core versions <= 6.0.2. Solution: Update WordPress to the latest available version, at least 6.0.3...
WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions <= 4.1.5.2. Solution: Update the WordPress All in One SEO plugin to the latest available version, at least 4.1.5.3...
WordPress Smash Balloon Social Post Feed plugin <= 4.0 - Stored Cross-Site Scripting (XSS) via Arbitrary Setting Update vulnerability
Stored Cross-Site Scripting (XSS) via Arbitrary Setting Update vulnerability discovered by Marc Montpas (Jetpack Security Team) in WordPress Smash Balloon Social Post Feed plugin versions <= 4.0. Solution: Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version, at lea...
WordPress WP Fastest Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Marc Montpas (Jetpack Scan team) in WordPress WP Fastest Cache plugin versions <= 0.9.4. Solution: Update the WordPress WP Fastest Cache plugin to the latest available version, at least 0.9.5...
WordPress Duplicate Page plugin <= 3.3 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Marc-Alexandre Montpas in WordPress Duplicate Page plugin versions <= 3.3. Solution: Update the WordPress Duplicate Page plugin to the latest available version, at least 3.4...
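Three of the WordPress entries above (the Platform theme's unauthenticated arbitrary options update, Smash Balloon's stored XSS via arbitrary setting update, and WP Fastest Cache's CSRF leading to stored XSS) share one root-cause pattern: a settings handler that writes to the options table without a capability check, without a nonce, or without constraining which option is written and what it may contain. The following is an added, illustrative example written for this listing; it is not code from any theme or plugin named on this page, and the option names, AJAX action names and nonce action are hypothetical. It shows the vulnerable handler beside a hardened one that closes all three gaps.

```php
<?php
// Added illustrative example (hypothetical plugin code, not from any listed project).
// Option names (demo_*), AJAX actions and the nonce action are assumptions.

// VULNERABLE: registered for unauthenticated callers too (wp_ajax_nopriv_),
// no nonce (CSRF), no capability check (missing authorization), caller-chosen
// option name, value stored unsanitized.
add_action( 'wp_ajax_nopriv_demo_save_setting', 'demo_save_setting_vulnerable' );
add_action( 'wp_ajax_demo_save_setting',        'demo_save_setting_vulnerable' );
function demo_save_setting_vulnerable() {
    // Attacker controls both key and value, so any option is writable:
    // e.g. key=users_can_register&value=1 plus key=default_role&value=administrator,
    // or key=demo_footer_html with a <script> payload the theme later echoes (stored XSS).
    update_option( $_POST['key'], $_POST['value'] );
    wp_send_json_success();
}

// HARDENED: logged-in only (no nopriv hook), nonce check, capability check,
// allow-list of writable options, per-option sanitizer on save.
add_action( 'wp_ajax_demo_save_setting_safe', 'demo_save_setting_safe' );
function demo_save_setting_safe() {
    // CSRF: dies with 403 unless the request carries a valid nonce for this action.
    check_ajax_referer( 'demo_settings_nonce', '_wpnonce' );

    // Missing authorization: only users allowed to manage options may write them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Arbitrary option update: fixed allow-list, each entry with its sanitizer.
    $allowed = array(
        'demo_footer_text'    => 'sanitize_text_field', // plain text only
        'demo_footer_html'    => 'wp_kses_post',        // limited HTML, <script> stripped
        'demo_items_per_page' => 'absint',              // non-negative integer
    );
    $key = isset( $_POST['key'] ) ? sanitize_key( $_POST['key'] ) : '';
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_send_json_error( 'unknown setting', 400 );
    }
    $value = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( $key, call_user_func( $allowed[ $key ], $value ) );
    wp_send_json_success();
}

// Client side needs the nonce; hand it to the admin script that posts to the handler.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'demo-settings', 'demoSettings', array(
        'nonce' => wp_create_nonce( 'demo_settings_nonce' ),
    ) );
} );

// Output side: escape on render as well, so a value stored before the fix
// cannot become stored XSS (defence in depth for the setting-update XSS case).
function demo_render_footer() {
    echo '<p>' . esc_html( get_option( 'demo_footer_text', '' ) ) . '</p>';
    echo wp_kses_post( get_option( 'demo_footer_html', '' ) );
}
```

When auditing a plugin for this class, grep for `update_option(` and `wp_ajax_nopriv_` / `register_rest_route` and check, for each write path, that the handler verifies a nonce or REST `permission_callback`, checks `current_user_can()`, and never lets the request name the option.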
Joomla HTTP Header Unauthenticated Remote Code Execution
Metasploit module. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. `require 'msf/core'`; `class Metasploit3`; Name: 'Joomla HTTP Header Unauthenticated Remote Code Execution'; 'Description' => %q{ Joomla suffers from an unauthenticated remote code...
Jetpack <= 3.7.0 - Stored Cross-Site Scripting (XSS)
Jetpack versions 3.7.0 and earlier are vulnerable to a cross-site scripting vulnerability in the contact form due to improper input sanitization. Reported by Marc-Alexandre Montpas from Sucuri...
Debian Security Advisory DSA 3332-1 (wordpress - security update)
Several vulnerabilities have been fixed in WordPress, the popular blogging engine. CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect yo...