349 matches found
PT-2024-20908 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue arises from a missing capability check on the ajax save permalink function, allowing authenticated attackers with author access or above...
WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control
Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2538 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 50143df9543f Credits Muhammad Zeeshan...
WordPress Plugin Permalink Manager Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-22712 · Unknown · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite versions 2.4.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For...
Permalink Manager < 2.4.3.2 - Missing Authorization to Authenticated(Author+) arbitrary post slug modification
Description The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author acces...
WordPress Permalink Manager Lite Plugin <= 2.4.3 is vulnerable to Cross Site Scripting (XSS)
Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3 Fixed in 2.4.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29092 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0910a781b8f6 Credits Rafie Muhammad Patchsta...
WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-27971 Patch priority High CVSS severity High 8.3 Developer Premmerce PSID cbe4465b62ca Credits Rafie Muhammad...
VulnCheck KEV: CVE-2024-27971
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10...
CVE-2024-1178
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
Design/Logic Flaw
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
SportsPress – Sports Club & League Manager < 2.7.18 - Missing Authorization to Unauthenticated Event Permalink Update
Description The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to...
CVE-2024-1942
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...
CVE-2024-1177
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
Design/Logic Flaw
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
CVE-2024-1177 WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
WP Club Manager – WordPress Sports Club Plugin < 2.2.11 - Missing Authorization to Unauthenticated Event Permalink Update
Description The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers ...
Mattermost Security Bypass Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security bypass vulnerability exists in Mattermost that stems from an inability to check if the "Allow users to view archived channels" setting is enabled during the permalink preview display, even i...
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...