15 matches found
WordPress Automatic Plugin - Unauthenticated Options Change
WordPress Automatic Plugin versions 3.53.2 and below contain a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses update_option on all POST parameters without authentication or capability...
EUVD-2019-20174
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...
EUVD-2019-6602
Malware in sbrugna...
EUVD-2019-6733
Malware in sbrugna...
CVE-2019-15816
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via savesettingspage and other save functions...
MGASA-2023-0329 Updated docker packages fix security vulnerabilities and bugs
This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage - Fix CVE-2023-26054 and CVE-2023-28840-2...
10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
Description: The plugin does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type":...
Authorization
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
WordPress Plugin TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. The WordPress Plugin TI WooCommerce...
curl: TLS and SSH connection too eager reuse
A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw leads to an authentication bypass, either by mistake or by a malicious actor...
OESA-2022-1675 curl security update
cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. Security Fixes: libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse...
CVE-2022-0404
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged-in user with roles as low as Subscriber to set...
Qualys Cloud Platform (VM, PC) 8.20.1 New Features
This new release of the Qualys Cloud Platform (VM, PC), version 8.20.1, includes support for new technologies and platforms, addition of new technology for Windows UDCs as well as an update in an existing option name "Scan agent hosts in my target" in the Launch Vulnerability Scan page. Feature...
Linux kernel dccp_setsockopt_change() integer overflow
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Chan...
Project admin is presented with an option to select a Screen Scheme
The option of changing the scheme should only be given to the global admins...