354 matches found

Vulnrichment
added 2025/04/09 6:0 a.m. · 11 views

CVE-2024-6860 WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

AI score 6.5 · EPSS 0.00451
Exploits 1 · References 1
CVE
added 2025/04/09 6:0 a.m. · 56 views

CVE-2024-6860

CVE-2024-6860 concerns the WordPress plugin WP MultiTasking (versions

CVSS 4.3 · AI score 7 · EPSS 0.00451
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2025/04/09 12:0 a.m. · 4 views

PT-2025-15673 · WordPress · Wp Multitasking

Name of the Vulnerable Software and Affected Versions: WP MultiTasking WordPress plugin versions 0.1.12 and earlier. Description: The WP MultiTasking WordPress plugin does not have a CSRF check when updating its permalink suffix settings, which could allow attackers to make logged-in administrator...

CVSS 4.3 · AI score 9.1 · EPSS 0.00451
Exploits 1 · References 7
Snyk
added 2025/03/21 9:30 a.m. · 1 views

Incorrect Authorization

Overview: github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Incorrect Authorization when an admin user adds itself to a private channel by clicking a...

CVSS 3.3 · AI score 6.9 · EPSS 0.00172
Exploits 0 · References 2
Snyk
added 2025/03/21 9:30 a.m. · 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization when an admin user adds itself to a private channel by clicking a permalink. Remediation: Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.9-rc1 or higher. References: GitHub Commit...

CVSS 3.3 · AI score 6.9 · EPSS 0.00172
Exploits 0 · References 2
SUSE CVE
added 2025/02/14 4:25 a.m. · 1 views

SUSE CVE-2024-47003

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

CVSS 6.5 · AI score 7.9 · EPSS 0.00662
Exploits 0 · References 5
RedhatCVE
added 2025/02/05 8:21 p.m. · 9 views

CVE-2022-4021

The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...

CVSS 8.8 · AI score 6.4 · EPSS 0.00165
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 8:2 a.m. · 5 views

CVE-2024-29092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3...

CVSS 7.1 · AI score 8.6 · EPSS 0.00115
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 3:47 a.m. · 4 views

CVE-2024-27971

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager. This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through = 2.3.10...

CVSS 8.3 · AI score 7.2 · EPSS 0.67492
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 12:36 a.m. · 5 views

CVE-2024-37257

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3.3...

CVSS 7.1 · AI score 6.9 · EPSS 0.00213
Exploits 0 · References 1
Positive Technologies
added 2024/12/14 12:0 a.m. · 2 views

PT-2024-17328 · WordPress · Permalinker

Name of the Vulnerable Software and Affected Versions: The Permalinker plugin for WordPress versions up to, and including, 1.8.1. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00228
Exploits 0 · References 8
OSV
added 2024/09/26 8:15 a.m. · 12 views

CVE-2024-47003

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

CVSS 6.5 · AI score 6.4
Exploits 0 · References 1
Cvelist
added 2024/09/26 8:5 a.m. · 19 views

CVE-2024-47003 DoS via non-string message using permalink embed

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

CVSS 3.1 · EPSS 0.00662
Exploits 0 · References 1
Vulnrichment
added 2024/09/26 8:5 a.m. · 10 views

CVE-2024-47003 DoS via non-string message using permalink embed

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

CVSS 3.1 · AI score 6.8 · EPSS 0.00662
Exploits 0 · References 1
Positive Technologies
added 2024/09/26 12:0 a.m. · 9 views

PT-2024-32335 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0; Mattermost versions 9.5.x through 9.5.8. Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...

CVSS 9.9 · AI score 6.5 · EPSS 0.94047
Exploits 20 · References 142
NVD
added 2024/08/28 2:15 p.m. · 14 views

CVE-2024-8195

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...

CVSS 5.3 · EPSS 0.00639
Exploits 0 · References 3
OSV
added 2024/08/28 2:15 p.m. · 2 views

CVE-2024-8195

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...

CVSS 5.3 · AI score 5.8 · EPSS 0.00639
Exploits 0 · References 3
CVE
added 2024/08/28 1:54 p.m. · 56 views

CVE-2024-8195

CVE-2024-8195 affects the Permalink Manager Lite WordPress plugin. Root cause: missing capability checks on debug_data, debug_query, and debug_redirect in all versions up to 2.4.4. Impact: unauthenticated attackers could access sensitive data, including passwords, titles, and content of password-...

CVSS 5.3 · AI score 5.5 · EPSS 0.00639
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/08/28 1:54 p.m. · 13 views

CVE-2024-8195 Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...

CVSS 5.3 · AI score 6.9 · EPSS 0.00639
Exploits 0 · References 3
Patchstack
added 2024/08/28 3:24 a.m. · 3 views

WordPress Permalink Manager Lite plugin <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by stealthcopter in WordPress Plugin Permalink Manager Lite versions <= 2.4.4...

CVSS 5.3 · AI score 6.9 · EPSS 0.00639
Exploits 0 · References 1 · Affected Software 1