CVE-2024-0623

The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbpclearpatternscache function. This makes it possible for unauthenticated attackers to clear the...

CVE-2024-0623

The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbpclearpatternscache function. This makes it possible for unauthenticated attackers to clear the...

Cross site request forgery (csrf)

The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbpclearpatternscache function. This makes it possible for unauthenticated attackers to clear the...

CVE-2024-0623

VK Block Patterns for WordPress (versions

CVE-2024-0623 VK Block Patterns <= 1.31.1.1 - Cross-Site Request Forgery

The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbpclearpatternscache function. This makes it possible for unauthenticated attackers to clear the...

WordPress plugin VK Block Patterns security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-15699 · WordPress · Vk Block Patterns

Name of the Vulnerable Software and Affected Versions: VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1 Description: The issue is due to missing or incorrect nonce validation on the vbp clear patterns cache function, making it possible for unauthenticated attackers t...

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-3425)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2635)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously...

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs...

WebCopilot - An Automation Tool That Enumerates Subdomains Then Filters Out Xss, Sqli, Open Redirect, Lfi, Ssrf And Rce Parameters And Then Scans For Vulnerabilities

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerate all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler and crt then...

Business Logic Vulnerability in dropTopVotedPiece Function

Lines of code Vulnerability details Potential Risk: The dropTopVotedPiece function in the CultureIndex contract allows the dropperAdmin to drop the top-voted piece. While the function checks if the caller is the dropperAdmin, there is a potential business logic vulnerability. The function only...

PT-2023-7295

Name of the Vulnerable Software and Affected Versions BusyBox version 1.36.1 Description A use-after-free issue was found in the copyvar function of the awk.c file in BusyBox. This issue can be triggered by a crafted awk pattern, potentially allowing an attacker to execute arbitrary code...

CVE-2023-47529

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2...

CVE-2023-47529

CVE-2023-47529 affects the WordPress plugin Cloud Templates & Patterns collection (ThemeIsle) up to version 1.2.2. Root cause: information exposure via a log file with a predictable name (ti_theme_onboarding.log) that unauthenticated users could access, leaking sensitive data. A fix is available ...

WordPress Plugin ThemeIsle Cloud Templates & Patterns collection Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress Plugin ThemeIsle...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Themeisle Cloud_Templates_\&_Patterns_Collection

CVE-2023-47529 Cloud Templates & Patterns collection =...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3121)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure

Software Cloud Templates & Patterns collection Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-47529 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

RHEL 8 : curl (RHSA-2023:6292)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6292 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...